|
Posted by on August 29, 2007, 9:07 am
If you were Registered and logged in, you could reply and use other advanced thread options
It is actually Microsoft HTML Help Executable (hh.exe) rather than
Wordpad or Internet Explorer that is bypassing your security settings.
You can verify this by opening any compiled help (*.chm) file. I had
not known that this could be used to bypass Zonealarm, but it has long
been a security concern in Citrix/Terminal Services environments.
Regards,
J Wolfgang Goerlich
> I have Zonealarm Version 7 and use Opera and Firefox exclusively on
> XP.
>
> However recently I brought up the IE browser which is hidden in
> Wordpad. ( Click Help Topics in Wordpad, Click the Question Mark top
> left and click jump to URL)
>
> I was able to connect towww.aliceinvideoland.co.nz and use its
> search functions( even though there was a specific block on " Mobile
> code" Zonealarms name for a mix of Javascript, vbscript, Java and
> Active X)
>
> Opera and Firefox were unable to get through this block to operate the
> search function as one would expect.
>
> When this block was removed Firefox and Opera could then access the
> site to use the search function.
>
> This implies that this embedded IE is able to do an end run around
> firewalls even though the Firewall is specifically set to black code
> from a specific site.
>
> I must admit to be most unpleasantly surprised when IE broke security
> in this fashion.
| 
XML site map