Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: hack2250.htm

ZoneAlarm Pro 'Mobile Code' Bypass vuln
ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability

ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability 

Vulnerability ID Number:

A vulnerability has been found in the 'Mobile Code' filter in ZoneAlarm Pro

ZoneLabs ( 

Affected Systems/Configuration:
This test was done on a Windows XP Professional machine, running ZoneAlarm Pro 5.0.590.015. The Internet Explorer version is 6, with all patches.

The new version of ZoneAlarm Pro features "Mobile Code" blocking, which blocks potentially dangerous web objects such as ActiveX, Java Applets, and certain MIME objects. The filter blocks out any "application/*" MIME type. The "Mobile Code" filter integrates with Internet Explorer.

Unfortunately, the "Mobile Code" filter does not filter SSL content. A malicious person could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous "Mobile Code" content; and ZoneAlarm Pro would not filter the "Mobile Code".

None so far.

Date Discovered:
June 21, 2004


Paul Kurczaba
Kurczaba Associates 
Visit for mailing lists in Security, Encryption, Wireless, MS-Security, and Production Security.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH