ZoneAlarm 3 MailSafe Vulnerability

Naviga SWZ: Home Page » News
News del 05 Aprile 02 Autore: eymerich
ZoneLabs ZoneAlarm MailSafe Extension Dot Filtering Bypass Vulnerability


It is possible to bypass ZoneAlarm Email Protection by appending a dot to the file name extension (e.g. malicious.exe becomes malicious.exe.). The dot changes the file name extension and MailSafe fails to compare it with known dangerous extensions. The MS-Windows operating system on the other hand disregards a dot at the end of a file name. When Windows is given a file name ending with a dot, it will automatically remove the dot from the file name extension. When Outlook or Outlook Express receives a file name that ends with a dot, it will present the dot, but will launch the appropriate application when the file is double-clicked, as if the dot does not exist.

Vendor Status

ZoneLabs was first contacted on January 26, 2002.

A fix (v3.0.118) for most of the vulnerabilities we encountered, including the one mentioned above, is available through ZoneAlarm's Check for Update feature as from yesterday.ZoneLabs is still working on one of the vulnerabilities and a fix is expected soon .

fonte securityfocus

NB: La corrente versione 3.0.118 non risolve tutte le vulnerabilità rilevate,a breve seguiranno probabilmente ulteriori aggiornamenti.
6 - Commento/i sul Forum


Categoria: Sicurezza

La Community di

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum


Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter