List: bugtraq
Subject: Zone Labs IMsecure Active Link Filter Bypass
From: Kurczaba Associates advisories <advisories () kurczaba ! com>
Date: 2004-11-11 19:58:44
Message-ID: 20041111145844.6b7ac250 () mail ! kurczaba ! com
Zone Labs IMsecure Active Link Filter Bypass
http://www.kurczaba.com/html/security/0410141.htm
-------------------------------------------------
Overview:
A vulnerability has been discovered in the Zone Labs IMsecure Active Link Filter.
Vendor:
Zone Labs (http://www.zonelabs.com)
Affected Systems/Configuration:
Versions of IMsecure and IMsecure Pro prior to 1.5
Vulnerability/Exploit:
The Active Link filter blocks potentially dangerous URLs in IM messages.
For example, IMsecure will remove URLs with extensions of .vbs and .exe. By using
hex-encoded characters in the file extension of the URL, it is possible to bypass the
Active Link filter.
Workaround:
Upgrade to version 1.5 or higher
Proof of Concept:
http://www.example.com/somefile.e%78e
In the example above, "78" is hex for "x". In plain English, the URL reads:
http://www.example.com/somefile.exe
Date Discovered:
April 1, 2004
Fix Available:
October 12, 2004
Severity:
Low
Credit:
Paul Kurczaba
Kurczaba Associates
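
The check that the proof of concept defeats, as an added example (not Zone Labs' code and not part of the original advisory): a filter that compares the raw URL text, beside one that percent-decodes the path before testing the extension. It goes beyond the single-encoded case in the advisory by also covering repeated encoding, upper-case extensions and a trailing query string; the function names and the decode-round limit are assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote

BLOCKED_EXTENSIONS = {".exe", ".vbs"}   # the two extensions the advisory names
MAX_DECODE_ROUNDS = 5                   # assumption: cap on nested encoding layers


def naive_is_blocked(url):
    """Compare the raw URL text, as a filter that never decodes would."""
    return any(url.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)


def canonical_path(url):
    """Return the URL path, percent-decoded until stable and lower-cased."""
    path = urlsplit(url).path           # drops the query string and fragment
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:             # nothing left to decode
            return path.lower()
        path = decoded
    raise ValueError("too many encoding layers")


def hardened_is_blocked(url):
    """Test the extension of the canonical path; fail closed on odd input."""
    try:
        path = canonical_path(url)
    except ValueError:
        return True                     # cannot canonicalize: treat as blocked
    return posixpath.splitext(path)[1] in BLOCKED_EXTENSIONS


# Constructed sample URLs (example.com), including the advisory's PoC form.
SAMPLES = [
    "http://www.example.com/somefile.exe",
    "http://www.example.com/somefile.e%78e",
    "http://www.example.com/somefile.e%2578e",
    "http://www.example.com/somefile.EXE?id=1",
    "http://www.example.com/page.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:45} naive={naive_is_blocked(url)!s:5} "
              f"hardened={hardened_is_blocked(url)}")
```

The point of the hardened version is ordering: decode to a canonical form first, then apply the policy to the same string the receiving client will act on.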