A vulnerability has been found in the Mobile Code filter in ZoneAlarm Pro where SSL content is not filtered. Tested against Windows XP Pro running ZoneAlarm Pro 5.0.590.015 and Internet Explorer version 6, with all patches.
9f550907ba57239e2e48c56db138dbfa750a3cb38f6d2cdd756fae1d650f0bbaZoneAlarm Pro 'Mobile Code' Bypass Vulnerability
http://www.kurczaba.com/securityadvisories/0406214.htm
-------------------------------------------------------------
Vulnerability ID Number:
0406214
Overview:
A vulnerability has been found in the 'Mobile Code' filter in ZoneAlarm Pro
Vendor:
ZoneLabs (http://www.zonelabs.com)
Affected Systems/Configuration:
This test was done on a Windows XP Professional machine, running ZoneAlarm Pro 5.0.590.015. The Internet Explorer version is 6, with all patches.
Vulnerability/Exploit:
The new version of ZoneAlarm Pro features "Mobile Code" blocking, which blocks potentially dangerous web objects such as ActiveX, Java Applets, and certain MIME objects. The filter blocks out any "application/*" MIME type. The "Mobile Code" filter integrates with Internet Explorer.
Unfortunately, the "Mobile Code" filter does not filter SSL content. A malicious person could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous "Mobile Code" content; and ZoneAlarm Pro would not filter the "Mobile Code".
Workaround:
None so far.
Date Discovered:
June 21, 2004
Severity:
Medium
Credit:
Paul Kurczaba
Kurczaba Associates
http://www.kurczaba.com/
Visit http://www.kurczaba.com for mailing lists in Security, Encryption, Wireless, MS-Security, and Production Security.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed