Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2711

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2711
Last Modified 07 Mar 2011 09:24:55
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2711

Summary

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

Vulnerable Systems

Application

  • Iss Blackice Agent Server

  • Iss Blackice Pc Protection 3.6

  • Iss Blackice Pc Protection 3.6cpu

  • Iss Blackice Server Protection

  • Iss Realsecure Desktop 3.6

  • Iss Realsecure Desktop 7.0


References

VUPEN - ADV-2006-1090

IDEFENSE - 20060323 ISS Multiple Products Local Privilege Escalation Vulnerability

XF - blackice-appprotection-privilege-escalation(25423)

BID - 17218

OSVDB - 24096

SECTRACK - 1015821

SECTRACK - 1015820

SECUNIA - 19327


Last Updated: 27 May 2016 10:40:37