Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2126


Vulnerability Score 4.6 4.6
CVE Id CVE-2004-2126
Last Modified 05 Sep 2008 04:43:16
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.

Vulnerable Systems


  • Iss Blackice Pc Protection 3.6cbz


BID - 9513

BUGTRAQ - 20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM

Last Updated: 27 May 2016 10:39:21