Description
Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tr0y-x · textlocalwindows
https://www.exploit-db.com/exploits/26479
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15347
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20677
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/155
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22971
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/415968
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17450
Scores
EPSS
0.0444
EPSS Percentile
89.1%
Details
Status
published
Products (5)
zonelabs/zonealarm
6.0 (2 CPE variants)
zonelabs/zonealarm_anti-spyware
6.0
zonelabs/zonealarm_anti-spyware
6.1
zonelabs/zonealarm_antivirus
6.0
zonelabs/zonealarm_security_suite
6.0
Published
Nov 16, 2005
Tracked Since
Feb 18, 2026