On 2005-01-03 Ferruh Mavituna wrote: > ------------------------------------------------------------------- > Multiple Firewall Products Bypass Vulnerability > ------------------------------------------------------------------- > Online URL : http://ferruh.mavituna.com/article/?769 > Download POC : http://ferruh.mavituna.com/opensource/firewallbypass.zip > (Also I attached vbs files as txt, one of them is -mousecontrol.txt- > vb.net source code) > > This is a generic problem of common Personal Firewall products which > are accept shortcuts or provide an interface that enables to click > without require a password for controlled actions (acting as server > -listening ports-, executing another program, connecting to another > computer etc.). There was a demonstration of this very problem on a lecture the Chaos Computer Club Ulm held on December 13th at the University of Ulm. We had two sample applications to circumvent Kerio and Nortion Personal Firewalls. During this lecture we also demonstrated how a malicious application could establish a remote shell without any Personal Firewall taking notice. http://www.ulm.ccc.de/chaos-seminar/personal-firewalls/ Up to now the page is only available in german, sorry. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
