Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2126

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-2126
Last Modified 05 Sep 2008 04:43:16
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2126

Summary

The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.

Vulnerable Systems

Application

  • Iss Blackice Pc Protection 3.6cbz


References

BID - 9513

BUGTRAQ - 20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM


Last Updated: 27 May 2016 10:39:21