Full Disclosure: Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC

From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 01 Oct 2005 20:40:57 +0200

* Debasis Mohanty:

I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit). 

This helps preventing the most wellknown windows local attack - Shatter
Attack.


If I understand things correctly, in the attack Thierry describes, you
don't send window messages to windows of the Zone Alarm process (which
might be protected indeed), but to the Internet Explorer windows.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC Thierry Zoller (Oct 01)
- RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
  - Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Florian Weimer (Oct 01)
    - Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Thierry Zoller (Oct 01)
    - RE: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
    - Re: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Thierry Zoller (Oct 01)
    - RE: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
    - RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)