Extract:
QuoteAn attacker who succeeds placing a malicious DLL in a folder, which appears in the PATH before the ZoneAlarm folder, might run the malicious DLL under the SYSTEM local account privileges.
Any software program that runs with SYSTEM privileges and dynamically loads DLLs from the PATH could be subjected to a similar issue.
See this link from NISCC (http://www.niscc.gov.uk/niscc/docs/br-20060313-00202.html?lang=en) for full details.
I didn't really understand this - I'm a bit confused about how does a user become endangered? :shock:
I'm especially concerned now because of the difficulties with the new Zone Alarm update 65_722_ 000 does this troublesome update leave a user open to exploitation?
M. :lol:
mgee :)
QuoteI didn't really understand this - I'm a bit confused about how does a user become endangered?
I cannot fully explain how this ZA issue could have endangered a user, but I know there are others here that can answer that.
QuoteI'm especially concerned now because of the difficulties with the new Zone Alarm update 65_722_ 000 does this troublesome update leave a user open to exploitation?
Not quite sure if you mean the ZA 65.722.00 is troublesome or the local escalation of privileges issue in ZA is troublesome. :lol:
As I understand it there were issues reported by numerous users with ZA update 65.722.00 which to me seemed more compatibility issues with other software like MSN Messenger.
Check out this thread: http://www.landzdown.com/index.php?topic=8516.0 (http://www.landzdown.com/index.php?topic=8516.0)
Because of those compatibility issues reported, I am still at ZoneAlarm version:6.1.744.001
But it's my understanding that version:6.1.744.001 fixed the local escalation of privileges security issue per the revision history outlined by ZA.
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html#6.1.744.001 (http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html#6.1.744.001)
So even tho I am not sure how escalation of privileges can harm me...I have the impression that updating to ZA 6.1.744.001 covers me for that issue.
Here's the history from 6.1.744.000 to 6.5.722.00New and improved features in ZoneAlarm version 6.5.722.000
Fixed: Removed McAfee installation gate
Fixed- LastWriteTime not being updated
New and improved features in ZoneAlarm version 6.5.714.000
Fixed – In some instances rundll32 takes ~90-99% CPU
Fixed –Service stability issue
New and improved features in ZoneAlarm version 6.5.700.000
Game mode: Right-mouse click control to stop alerts from interrupting game play.
Addresses inability to delete ZoneAlarm files in Safe Mode.
Addressed incompatibility with Red Orchestra Game.
Fixed a service stability issue.
Reduced memory usage during Anti-Spyware scan.
Improved Boot time.
Various other fixes.
New and improved features in ZoneAlarm version 6.1.744.001
Fixed - Local escalation of privileges issue (For more details please click here (http://download.zonelabs.com/bin/free/securityAlert/51.html)) New and improved features in ZoneAlarm version 6.1.744.000
Fixed - Service stability issue
Fixed - Communicate with the centralized server issue
Fixed - Overlapped text in support and update information
Fixed - Various other bug fixes