Users login

Create an account »


Users login

Home » Hacking News » ZoneLabs personal firewall vulnerable to User Input Circumvention Exploits

ZoneLabs personal firewall vulnerable to User Input Circumvention Exploits

by Nikola Strahija on February 28th, 2003 ZoneLabs has announced that they have released Version 3.7 of the ZoneAlarm product to fix a vulnerability that might allow an application to simulate user input and change a users settings on their firewall. ZoneLabs states that they believe most other personal firewalls are also vulnerable to this type of exploit.

Previous versions of ZoneAlarm products were vulnerable to a "proof of concept" demonstration application that showed how this test application could use various APIs to send keystrokes to the user interface of ZoneAlarm. User settings could then be changed, granting Internet access to the test application. Password protection made the products less susceptible to this attack. Both Zone Labs and the creator of the test application have confirmed that version 3.7 of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro has now fixed this vulnerability. Although Zone Labs is not aware of any instances of malicious software utilizing this exploit, they are recommending that all ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users upgrade to the new 3.7 versions. Registered users who have enabled the “Check for Update” feature will be automatically informed by their fireall whenever a new software update is released.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »