Internet Security Industry News
Local ZoneAlarm Firewall Driver vulnerability
August 6, 2003
Local ZoneAlarm Firewall (probably all versions - tested on v3.1). Device Driver vulnerability. ZoneAlarm is a very powerful and very common nowadays firewall for Windows produced by Zone Labs.II.
The driver installed with ZoneAlarm is vulnerable, and can be exploited in cause of that attacker can gain full system control (ring0 privileges). By sending properly formatted message to the ZoneAlarm Device Driver (VSDATANT - TrueVector Device Driver) you can cause an device driver memory overwrite.
Overview, sending faked buffers with specific singal can cause a miscellaneous code execution:
First signal should be send to overwrite specific memory location, in the current case it can be one of the case-if-statement.
push 0 ;overlapped
If the correct STATMENT_INSTRUCTION_POINTER will be put the address should be overwritten to 00060001h (example). After memory allocation at this address (inserting shellcode bla bla bla), the second signal must be send to jump into inserted code.
Click here to read the complete article on the Security Corp. website.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing