ZoneAlarm Pro Mobile Code Filter Protection Bypass

2004-06-25T04:02:46
ID OSVDB:7261
Type osvdb
Reporter Paul Kurczaba()
Modified 2004-06-25T04:02:46

Description

Vulnerability Description

According to the advisory, ZoneAlarm Pro contains a flaw that may allow a remote attacker to bypass the 'Mobile Code' filter. The 'Mobile Code' blocking feature filters malicious Web objects and any 'application/*' MIME type, but does not filter SSL content. A remote attacker could create a malicious SSL Web page and bypass the Mobile Code filter.

Solution Description

According to the vendor, "ZoneAlarm Pro, Security Suite and Integrity products which employ Mobile Code Protection/ID Lock features do not inspect encrypted traffic. If mobile code is downloaded via a Secure Sockets Layer (SSL) session, it will not be inspected by these products. This is by design and mandated by the SSL Protocol specification."

Short Description

According to the advisory, ZoneAlarm Pro contains a flaw that may allow a remote attacker to bypass the 'Mobile Code' filter. The 'Mobile Code' blocking feature filters malicious Web objects and any 'application/*' MIME type, but does not filter SSL content. A remote attacker could create a malicious SSL Web page and bypass the Mobile Code filter.

References:

Vendor URL: http://www.zonelabs.com/store/content/home.jsp Other Advisory URL: http://www.kurczaba.com/securityadvisories/0406214.htm Other Advisory URL: http://www.securiteam.com/windowsntfocus/5PP0O15D5C.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0420.html Keyword: 0406214 ISS X-Force ID: 16471 CVE-2004-0612