Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3560

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3560
Last Modified 05 Sep 2008 04:54:42
Published 16 Nov 2005 02:42:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3560

Summary

Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags.

Vulnerable Systems

Application

  • Zonelabs Zonealarm 6.0

  • Zonelabs Zonealarm Anti-spyware 6.0

  • Zonelabs Zonealarm Anti-spyware 6.1

  • Zonelabs Zonealarm Antivirus 6.0

  • Zonelabs Zonealarm Security Suite 6.0


References

XF - zonealarm-showhtmldialog-obtain-information(22971)

BID - 15347

BUGTRAQ - 20051107 Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability

OSVDB - 20677

SECUNIA - 17450

SREASON - 155


Last Updated: 27 May 2016 10:40:58