ZoneAlarm Pro Mobile Code Blocking Can Be Bypassed With SSL Connections
SecurityTracker Alert ID: 1010556|
SecurityTracker URL: http://securitytracker.com/id/1010556
(Links to External Site)
Date: Jun 21 2004
Host/resource access via network|
Exploit Included: Yes |
Paul Kurczaba reported a vulnerability in ZoneAlarm Pro. A remote user can bypass the Mobile Code blocking feature.|
It is reported that the 'Mobile Code' blocking feature does not filter content delivered via SSL-based connections.
A remote user can bypass the mobile code protection feature by delivering content via HTTPS (SSL).|
No solution was available at the time of this entry.|
Vendor URL: www.zonelabs.com/ (Links to External Site)
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability|
ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability
Vulnerability ID Number:
A vulnerability has been found in the 'Mobile Code' filter in ZoneAlarm Pro
This test was done on a Windows XP Professional machine, running ZoneAlarm Pro
5.0.590.015. The Internet Explorer version is 6, with all patches.
The new version of ZoneAlarm Pro features "Mobile Code" blocking, which blocks potentially
dangerous web objects such as ActiveX, Java Applets, and certain MIME objects. The filter
blocks out any "application/*" MIME type. The "Mobile Code" filter integrates with
Unfortunately, the "Mobile Code" filter does not filter SSL content. A malicious person
could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous "Mobile Code"
content; and ZoneAlarm Pro would not filter the "Mobile Code".
None so far.
June 21, 2004
Visit http://www.kurczaba.com for mailing lists in Security, Encryption, Wireless,
MS-Security, and Production Security.