Reported September 28, 2005 by Debasis Mohanty

VERSIONS AFFECTED


ZoneAlarm Firewall, free versions


DESCRIPTION

Zone Labs' ZoneAlarm firewall can be bypassed through Dynamic Data Exchange (DDE), a Windows interprocess communication (IPC) mechanism. A malicious program could use DDE to work through a trusted program that is allowed access through the firewall, and so gain access beyond the firewall that it would not be granted itself.



VENDOR RESPONSE

Zone Labs reports that only free versions of ZoneAlarm firewall are affected because they lack Advanced Program Control, which is found in ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite. Users of products with Advanced Program Control should ensure that it is enabled in order to defend against these types of attacks. All ZoneAlarm users, including users of the free version, should also ensure that they have the latest version of the products installed.