https://www.exploit-db.com/exploits/21169
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-160

TinyPersonalFirewall1.0和2.0版本存在漏洞。本地用户借助非标准TCP包创建的非Windows协议适配器从而绕过过滤。

source: http://www.securityfocus.com/bid/3647/info

Due to a common design error, it may be possible for outbound packets to bypass packet filtering in many personal firewalls.

Many of these applications only block packets created by the standard Windows protocol adapter. It is possible for a user with administrative privileges to create packets with other protocol adapters that are not evaluated against the personal firewall rules when transmitted.

Exploitation will result in a violation of security policy.

Tiny Personal Firewall, ZoneAlarm and ZoneAlarm Pro are confirmed vulnerable. It is believed that other applications similar in design may also be vulnerable. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21169.zip

来源:BID
名称:3647
链接:http://www.securityfocus.com/bid/3647
来源:XF
名称:zonealarm-tiny-bypass-filter(7671)
链接:http://www.iss.net/security_center/static/7671.php
来源:BUGTRAQ
名称:20011205Flawedoutboundpacketfilteringinvariouspersonalfirewalls
链接:http://archives.neohapsis.com/archives/bugtraq/2001-12/0056.html