An attacker could use a bypass vulnerability in Zone Lab's ZoneAlarm Pro software to lure users to malicious sites and there is currently no workaround, according to IT consulting firm Kurczaba Associates.
The firm said in its advisory that the problem was uncovered during testing on a Windows XP Professional machine running ZoneAlarm Pro 5.0.590.015. The machine was also equipped with Internet Explorer 6.0 and all patches.
The problem lies in ZoneAlarm Pro's mobile code filter, which integrates with Internet Explorer. The filter blocks potentially dangerous Web objects such as ActiveX, Java Applets, and certain MIME objects. It also blocks out any "application/*" MIME type.
"Unfortunately," the advisory said, it does not filter content on the secure sockets layer (SSL), a commonly used protocol for managing the security of a message transmission on the Internet. "A malicious person could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous mobile code content; and ZoneAlarm Pro would not filter the mobile code."
Frederick Felman, vice president of marketing for San Francisco-based Zone Labs, said company analysts are taking a look at ZoneAlarm Pro to determine what course of action, if any, should be taken.
"The good news is that it looks like a vulnerability that requires user action," Felman said, adding that it doesn't look like a threat that could spread at random. "Users should feel safe, but apply the general practice of being careful of the sites they visit."
Kurczaba Associates said the vulnerability, discovered Monday, is of medium severity. It had not responded to a request for additional information at this writing.