ZoneAlarm Personal Firewall Can Be Bypassed Using DDE-IPC
According to Debasis Mohanty, while he was testing desktop based firewalls with the firewall evasion kit developed by him, he found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by using DDE-IPC (Direct Data Exchange – Interprocess Communications) which enables an un-trusted program to communicate with the attacker or access internet via other trusted programs (e.g. Internet Explorer). This flaw has been known since before 2003.
Zone Labs reports that only free versions of ZoneAlarm firewall are affected because they lack Advanced Program Control, which is found in ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite.
For the complete message from Debasis Mohanty, click here.
