ID CVE-2005-3560
Summary Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags.
References
Vulnerable Configurations
  • cpe:2.3:a:zonelabs:zonealarm:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zonelabs:zonealarm:6.0:*:pro:*:*:*:*:*
  • cpe:2.3:a:zonelabs:zonealarm_anti-spyware:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zonelabs:zonealarm_anti-spyware:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zonelabs:zonealarm_antivirus:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zonelabs:zonealarm_security_suite:6.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 15347
bugtraq 20051107 Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability
osvdb 20677
secunia 17450
sreason 155
xf zonealarm-showhtmldialog-obtain-information(22971)
Last major update 11-07-2017 - 01:33
Published 16-11-2005 - 07:42
Last modified 11-07-2017 - 01:33