CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-7129 – Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2006-7129
06 Mar 2007 — ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. ISS BlackICEPC Protection 3.6 cpj y cpu, y posiblemente versiones anteriores, permite a usuarios locales evitar el esquema de protección utilizando la función ZwDeleteFile del API para borrar el archivo crítico filelock.txt, el cual almacena información sob... • https://www.exploit-db.com/exploits/28817 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2006-4541 – Internet Security Systems 3.6 BlackICE - Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4541
05 Sep 2006 — RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. RapDrv.sys en BlackICE PC Protection 3.6.cpn, cpj, cpiE, y posiblemente 3.6 y anteriores, permite a usuarios locales provocar denegación de servicio (caida) a través de un tercer argumento NULL a la función NtOpenSection API. NOTA: Posteriormente fu... • https://www.exploit-db.com/exploits/28469 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2005-2711
https://notcve.org/view.php?id=CVE-2005-2711
31 Dec 2005 — ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. • http://secunia.com/advisories/19327 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2126
https://notcve.org/view.php?id=CVE-2004-2126
31 Dec 2004 — The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. • http://marc.info/?l=bugtraq&m=107530966524193&w=2 •