Vulnerability CVE-2005-2711


Published: 2005-12-31   Modified: 2012-02-12

Description:
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
ISS -> Blackice agent server 
ISS -> Blackice pc protection 
ISS -> Blackice server protection 
ISS -> Realsecure desktop 

References:
http://www.vupen.com/english/advisories/2006/1090
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
http://xforce.iss.net/xforce/xfdb/25423
http://www.securityfocus.com/bid/17218
http://www.osvdb.org/24096
http://securitytracker.com/id?1015821
http://securitytracker.com/id?1015820
http://secunia.com/advisories/19327

Copyright 2024, cxsecurity.com
