CVE-2004-0612

Name of the Vulnerable Software and Affected Versions ZoneAlarm Pro version 5.0.590.015

Description The issue concerns the Mobile Code filter in ZoneAlarm Pro, which fails to filter mobile code within an SSL encrypted session. This could potentially allow remote attackers to bypass the mobile code filtering. It is noted that the vendor has disputed this behavior, stating it is required by the SSL specification.

Recommendations For ZoneAlarm Pro version 5.0.590.015, consider restricting access to SSL encrypted sessions until a fix is available, or disabling the Mobile Code filter as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.