Summary
With version 3.7 of the ZoneAlarm products, ZoneAlarm has fixed a vulnerability that might allow
an application to simulate user input to change user settings. Most personal firewalls are vulnerable
to this.
Background
Previous versions of ZoneAlarm products were vulnerable to a "proof of concept" demonstration
application. This test application used various APIs to send keystrokes to the user interface
of ZoneAlarm. User settings could then be changed, granting Internet access to the test application.
Password protection made the products less susceptible to this attack. Both ZoneAlarm and the
creator of the test application have confirmed that version 3.7 of ZoneAlarm, ZoneAlarm Plus,
and ZoneAlarm Pro has fixed this vulnerability.
Actions
Although ZoneAlarm is not aware of any instances of malicious software utilizing this exploit,
we recommend that all ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users upgrade to the new 3.7
versions. Registered users who have enabled the “Check for Update” feature are informed
by the software automatically whenever a new software update is released.
Credit
We wish to thank Mr. Yaron Tal (of YTECH.CO.IL) for notifying us of this potential vulnerability.
He gave us invaluable assistance in rectifying the issue.
Date Published
February 24, 2003