Hey TZ, >> I am not sure we are speaking about the same attack. When I was speaking about SendMessage() >> I was refering to the presentation at CCC2003, i.e shelling IE simulating a user through SendMessage() Api.
As this wasn't clear in your previous reply so I got it wrong. Anyway thanks for clarifying ... :) >> AFAIK, it does not, the Shatter Attack doesn't necessarely rely on SendMessage(), >> not to mention a driver shouldn't open a window at all Very true .. The shatter attack & DDE problem is partially resolved by ZA current version as long the attack takes place at ring-3. I haven't checked it for ring-0 so can't comment on it. - D -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thierry Zoller Sent: Saturday, October 01, 2005 9:03 PM To: [email protected] Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Dear Debasis, DM> I tested this earlier, SendMessage() / SetDlgItem() / DM> SetWindowText() doesn't work for the current version of ZA Products DM> (ZA Pro / Internet Sec Suit). I am not sure we are speaking about the same attack. When I was speaking about SendMessage() I was refering to the presentation at CCC2003, i.e shelling IE simulating a user through SendMessage() Api. DM> This helps preventing the most wellknown windows local attack - DM> Shatter Attack. AFAIK, it does not, the Shatter Attack doesn't necessarely rely on SendMessage(), not to mention a driver shouldn't open a window at all (not react to F1 messages either) <- if you read this and are a vendor check for this.. gives SYSTEM rights occasionaly. (through browse -> cmd.exe) DM> However, I still can see a way out for their latest product... Will DM> be updated soon. Looking forward to it :) -- Regards, Thierry Zoller mailto:[EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
