• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability

tdinc

█▄█ ▀█▄ █
Political User
#1
A vulnerability has been found in the 'Mobile Code' filter in ZoneAlarm Pro

Vendor:
ZoneLabs (http://www.zonelabs.com)

Affected Systems/Configuration:
This test was done on a Windows XP Professional machine, running ZoneAlarm Pro 5.0.590.015. and 5.0.590.043 was released to the public on June 21, 2004 The Internet Explorer version is 6, with all patches.

Vulnerability/Exploit:
The new version of ZoneAlarm Pro features "Mobile Code" blocking, which blocks potentially dangerous web objects such as ActiveX, Java Applets, and certain MIME objects. The filter blocks out any "application/*" MIME type. The "Mobile Code" filter integrates with Internet Explorer.

Unfortunately, the "Mobile Code" filter does not filter SSL content. A malicious person could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous "Mobile Code" content; and ZoneAlarm Pro would not filter the "Mobile Code".

Workaround:
None so far.
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,962
Messages
673,247
Members
89,020
Latest member
saryrehgy