Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sun, 2 Oct 2005 00:53:21 +0530

FW, 
Just to clarify: 

If I understand things correctly, in the attack Thierry describes, you
don't send window messages 
to windows of the Zone Alarm process (which might be protected indeed),
but to the Internet Explorer windows.

Well, I was refering to sending windows messages from any programs to any
other program (not necessarily ZA Processes) -> The latest version of ZA
prevents against windows messaging inbetween two different programs /
processes and pop-up for user's permission to allow access. So it will be a
vague attemt to even try sending anytype of msgs to ZA via windows
messaging.

- D


  

-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de] 
Sent: Sunday, October 02, 2005 12:11 AM
To: Debasis Mohanty
Cc: 'Thierry Zoller'; full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC

* Debasis Mohanty:

I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText() 
doesn't work for the current version of ZA Products (ZA Pro / Internet 
Sec Suit).

This helps preventing the most wellknown windows local attack - 
Shatter Attack.

If I understand things correctly, in the attack Thierry describes, you don't
send window messages to windows of the Zone Alarm process (which might be
protected indeed), but to the Internet Explorer windows.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]