CVE-2005-3560

ZoneAlarm 6.0-6.1 - Firewall Bypass via HTML Modal Dialog JavaScript URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3560. PoCs published by Tr0y-x.

AI-analyzed exploit summary This exploit demonstrates a bypass of Zone Alarm's Advanced Program Control by leveraging a modal HTML dialog to redirect data to a remote site. It uses MSHTML.DLL to display a local HTML file that executes JavaScript for redirection.

Description

Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tr0y-x · textlocalwindows

https://www.exploit-db.com/exploits/26479

View Code ZIP pw:eip

This exploit demonstrates a bypass of Zone Alarm's Advanced Program Control by leveraging a modal HTML dialog to redirect data to a remote site. It uses MSHTML.DLL to display a local HTML file that executes JavaScript for redirection.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Zone Labs Zone Alarm (version not specified)

No auth needed

Prerequisites: Advanced Program Control enabled · Browser authorized for Internet access

MITRE ATT&CK