ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability

2006.08.08

Credit: David Matousek

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2006-3999

CWE: CWE-Other

Ogólna skala CVSS: 4.6/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 3.9/10

Wymagany dostęp: Lokalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

BlackICE does not protect pamversion.dll in its installation directory. And also because its component
protection fails to protect BlackICE processes this can be misused to inject fake DLL into BlackICE service.

The whole advisory with more details and source code is available here
http://www.matousec.com/info/advisories/BlackICE-DLL-faking-of-run-time-
linked-libraries.php

Regards,

-- 
David Matousek

Founder and Chief Representative of Matousec - Transparent security
http://www.matousec.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.