Zone Labs IMSecure URL Filtering
Overview: The Zone Labs IMsecure® product line provides security features to help users use Instant Messaging networks securely and safely.
Under some circumstances, IMsecure and IMsecure Pro may allow specifically encoded URLs to bypass Active Link filtering. As such, an IMsecure user with Active Link filtering enabled may receive an unfiltered active link.
Upgrading to the latest release of IMsecure and IMsecure Pro will resolve this issue. The latest releases of IMsecure and IMsecure Pro are versions 1.5 or newer.
Date Published: October 13, 2004
Date Last Revised: October 13, 2004
Impact: Low risk. Users of IMsecure could receive a URL link to malicious content despite the Active Link feature being enabled. However, clicking a link in the IMsecure interface will launch the default web browser—which will also prompt the user before executing any code. This issue requires direct action by user to present any risk.
- IMsecure and IMsecure Pro versions older than 1.5
- No other Zone Labs products are affected by this issue
Description: Zone Labs IMsecure products contain features to filter URLs sent to the user. Users may enable or disable these features. A specially crafted URL may bypass IMsecure product filtering, thereby presenting an active URL link for the user to click on. This link could be malicious and therefore present increased risk to the end user.
This issue requires direct action by user to present any risk. In all cases, the user must click the URL link to become exposed to any malicious code. A user cannot be attacked without taking specific action to click a malicious link.
Recommended Actions: IMsecure and IMsecure Pro users should upgrade to version 1.5 or newer.
Acknowledgments: Zone Labs would like to acknowledge Paul Kurczaba for reporting this issue to Zone Labs.
Contact: Zone Labs customers who are concerned about information contained in this advisory or have additional technical questions may reach our Technical Support team at: http://www.zonelabs.com/support/. To report security issues with Zone Labs products contact email@example.com.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
Copyright: ©2004 Zone Labs LLC All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC All other trademarks are the property of their respective owners.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Zone Labs. Reprinting the whole or part of this alert in any medium other than electronically requires permission from Zone Labs.