Hi All !! While I was testing desktop based firewalls (here it is Zone Alarm Pro) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by using DDE-IPC (Direct Data Exchange - Interprocess Communications) which enables an un-trusted program to communicate with the attacker or access internet via other trusted programs (Ex: Internet Explorer). This flaw is known since before year 2003. As per a post by Te Smith (Sr. Director, Corporate Communications, Zone Labs), this issue is resolved in higher version Zone Alarm Pro having Advanced Program Control feature. (Ref # http://seclists.org/lists/bugtraq/2003/Jul/0000.html) However, I find that this issue still exists in higher versions of Zone Alarm Pro and might also exist in other desktop based firewalls. I didn't find any good PoC around, so I thought of writing a PoC which can demonstrate and explain how an un-trusted program can access internet or establish connection with the attacker via other trusted programs by leveraging over the DDE-IPC design flaw. The PoC can be downloaded from the following link: http://hackingspirits.com/vuln-rnd/vuln-rnd.html Cheers.... Tr0y (aka Debasis Mohanty) www.hackingspirits.com
