Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 01 Oct 2005 20:40:57 +0200

* Debasis Mohanty:

I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit). 

This helps preventing the most wellknown windows local attack - Shatter
Attack.

If I understand things correctly, in the attack Thierry describes, you
don't send window messages to windows of the Zone Alarm process (which
might be protected indeed), but to the Internet Explorer windows.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault