
List:       bugtraq
Subject:    Zone Labs IMsecure Active Link Filter Bypass
From:       Kurczaba Associates advisories <advisories () kurczaba ! com>
Date:       2004-11-11 19:58:44
Message-ID: 20041111145844.6b7ac250 () mail ! kurczaba ! com

Zone Labs IMsecure Active Link Filter Bypass
http://www.kurczaba.com/html/security/0410141.htm
-------------------------------------------------

Overview:
A vulnerability has been discovered in the Zone Labs IMsecure Active Link Filter.

Vendor:
Zone Labs (http://www.zonelabs.com)

Affected Systems/Configuration:
Versions of IMsecure and IMsecure Pro prior to 1.5

Vulnerability/Exploit:
The Active Link filter blocks potentially dangerous URLs in IM messages.
For example, IMsecure will remove URLs with extensions of .vbs and .exe. By using
hex-encoded characters in the file extension of the URL, it is possible to bypass the
Active Link filter.

Workaround:
Upgrade to version 1.5 or higher.

Proof of Concept:
http://www.example.com/somefile.e%78e

In the example above, "78" is hex for "x". In plain English, the URL reads:

http://www.example.com/somefile.exe
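
The following is an added example, not part of the original advisory and not Zone Labs' code. It models a filter that checks the extension on the URL as typed (a hypothetical stand-in for the bypassed behaviour) next to one that percent-decodes the path before checking; the function names, the blocklist contents beyond .vbs and .exe, and the decode limit are assumptions.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Assumed blocklist; the advisory names only .vbs and .exe.
BLOCKED_EXTENSIONS = {".vbs", ".exe"}
MAX_DECODE_ROUNDS = 5  # bound repeated decoding of nested escapes such as %2578


def extension_of(path):
    """Return the lower-cased extension of the last path segment."""
    return posixpath.splitext(path.rsplit("/", 1)[-1])[1].lower()


def naive_is_blocked(url):
    """Model of a filter that inspects the URL exactly as typed (hypothetical)."""
    return extension_of(urlsplit(url).path) in BLOCKED_EXTENSIONS


def canonical_path(url):
    """Percent-decode the path until stable; None if it never settles."""
    path = urlsplit(url).path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    return None


def hardened_is_blocked(url):
    """Check the extension on the decoded path; fail closed if it will not settle."""
    path = canonical_path(url)
    if path is None:
        return True
    return extension_of(path) in BLOCKED_EXTENSIONS


# Constructed sample URLs; the second is the advisory's proof of concept.
SAMPLES = [
    "http://www.example.com/somefile.exe",
    "http://www.example.com/somefile.e%78e",
    "http://www.example.com/somefile.e%2578e",
    "http://www.example.com/notes.txt",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:42} naive={naive_is_blocked(url)} hardened={hardened_is_blocked(url)}")
```

The general point is that the filter must compare against the same canonical form the consuming client will act on; matching on the raw string leaves every alternate encoding of a blocked extension unfiltered.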

Date Discovered:
April 1, 2004

Fix Available:
October 12, 2004

Severity:
Low

Credit:
Paul Kurczaba
Kurczaba Associates

