OSVDB ID: 20677 Title: ZoneAlarm ShowHTMLDialog() Outbound Filter Bypass |
Info |
|
|
Dates |
||||
|
|
Description |
Various ZoneAlarm products contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a trusted web browser is used to execute the ShowHTMLDialog() function. Malware can then create a modal dialog box to display HTML, and redirect the victim to the attacker's web site. |
Classification |
Location:
Local Access Required
Attack Type: Information Disclosure Impact: Loss of Confidentiality, Loss of Integrity Exploit: Exploit Rumored / Private Disclosure: OSVDB Verified |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. |
Products |
|
References |
|
Credit |
|
hackingspirits.com -