Reported September 28, 2005 by Debasis Mohanty


ZoneAlarm Firewall, free versions


Zone Labs' ZoneAlarm firewall can be bypassed by using Dynamic Data Exchange (DDE) and interprocess communications (IPC). A malicious program could gain access beyond the firewall through IPC-DDE and a trusted program that's allowed access through the firewall.


Zone Labs reports that only free versions of ZoneAlarm firewall are affected because they lack Advanced Program Control, which is found in ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite. Users of products with Advanced Program Control should ensure that it is enabled in order to defend against these types of attacks. All ZoneAlarm users, including users of the free version, should also ensure that they have the latest version of the products installed.