Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: win5230.htm

ZoneAlarm - vulnerability allowing bypass of ZoneAlarm's e-mail protection system MailSafe



3rd Apr 2002 [SBWID-5230]
COMMAND

	vulnerability allowing bypass of ZoneAlarm\'s e-mail  protection  system
	MailSafe

SYSTEMS AFFECTED

	ZoneAlarm 3.0 MailSafe

PROBLEM

	Edvice   Security   Services   [http://www.edvicesecurity.com/]    found
	following regarding MailSafe, email protection module for  ZoneAlarm,  a
	personal firewall.
	

	It is possible to bypass ZoneAlarm Email Protection by appending  a  dot
	to the file name extension (e.g. malicious.exe becomes  malicious.exe.).
	The dot changes the file name extension and MailSafe  fails  to  compare
	it with known dangerous extensions. The MS-Windows operating  system  on
	the other hand disregards a dot at the end of a file name. When  Windows
	is given a file name ending with a dot,  it  will  automatically  remove
	the dot from the file name extension. When Outlook  or  Outlook  Express
	receives a file name that ends with a dot, it will present the dot,  but
	will   launch   the   appropriate   application   when   the   file   is
	double-clicked, as if the dot does not exist.

SOLUTION

	Fix v3.0.118 is available from ZoneLabs [http://www.zonelabs.com/]


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH