Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the Advanced Program Control and OS Firewall filters setting via URLs in HTML Modal Dialogs (window.location.href) contained within JavaScript tags.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zonealarm | Zonelabs | 6.0 (including) | 6.0 (including) |
| Zonealarm_anti-spyware | Zonelabs | 6.0 (including) | 6.0 (including) |
| Zonealarm_anti-spyware | Zonelabs | 6.1 (including) | 6.1 (including) |
| Zonealarm_antivirus | Zonelabs | 6.0 (including) | 6.0 (including) |
| Zonealarm_security_suite | Zonelabs | 6.0 (including) | 6.0 (including) |
References
- http://secunia.com/advisories/17450
- http://securityreason.com/securityalert/155
- http://www.osvdb.org/20677
- http://www.securityfocus.com/archive/1/415968
- http://www.securityfocus.com/bid/15347
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22971
- http://secunia.com/advisories/17450
- http://securityreason.com/securityalert/155
- http://www.osvdb.org/20677
- http://www.securityfocus.com/archive/1/415968
- http://www.securityfocus.com/bid/15347
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22971