News Stay informed about the latest enterprise technology news and product updates.

Vulnerability in ZoneAlarm Pro

ZoneAlarm Pro's mobile code filter doesn't weed out SSL content, and an attacker could exploit it to lure users to malicious sites. But the vendor said there is "no potential" for it to be exploited on a mass scale.

An attacker could use a bypass vulnerability in Zone Lab's ZoneAlarm Pro software to lure users to malicious sites,...

according to IT consulting firm Kurczaba Associates. But the vendor said there is "no potential" for it to be exploited on a mass scale.

The firm said in its advisory that the problem was uncovered during testing on a Windows XP Professional machine running ZoneAlarm Pro 5.0.590.015. The machine was also equipped with Internet Explorer 6.0 and all patches.

The problem lies in ZoneAlarm Pro's mobile code filter, which integrates with Internet Explorer. The filter blocks potentially dangerous Web objects such as ActiveX, Java Applets and certain MIME objects. It also blocks out any "application/*" MIME type.

"Unfortunately," the advisory said, it does not filter content on the secure sockets layer (SSL), a commonly used protocol for managing the security of a message transmission on the Internet. "A malicious person could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous mobile code content; and ZoneAlarm Pro would not filter the mobile code."

Greg Or, CEO and founder of San Francisco-based Zone Labs, said the company has reviewed the matter and determined that "there is no potential for this to be exploited in the wild on a mass scale."

"Internet Explorer has a default configuration that prevents this from being taken advantage of," Or said. "The user gets a message that someone is trying to download software. For an exploit to be successful, someone would have to put an SSL server on a hijacked Web site. That's very, very hard to do."

Kurczaba Associates had not responded to a request for additional information at this writing.

Dig Deeper on Endpoint protection and client security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.