Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2125

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-2125
Last Modified 05 Sep 2008 04:43:15
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2125

Summary

Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.

Vulnerable Systems

Application

  • Iss Blackice Agent Server 3.6eca

  • Iss Blackice Pc Protection 3.6cbd

  • Iss Blackice Server Protection 3.6cbz

  • Iss Realsecure Desktop 3.6eca

  • Iss Realsecure Desktop 7.0ebg


References

XF - blackice-blackdexe-bo(14965)

BID - 9514

BUGTRAQ - 20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM

OSVDB - 3740

SECUNIA - 10739

MLIST - [ISSForum] 20040128 Third party BlackICE advisory


Last Updated: 27 May 2016 10:39:21