CVE-2006-4541 – Internet Security Systems 3.6 BlackICE - Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4541
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. RapDrv.sys en BlackICE PC Protection 3.6.cpn, cpj, cpiE, y posiblemente 3.6 y anteriores, permite a usuarios locales provocar denegación de servicio (caida) a través de un tercer argumento NULL a la función NtOpenSection API. NOTA: Posteriormente fue notificado que 3.6.cqn también se ve afectado. • https://www.exploit-db.com/exploits/28469 http://secunia.com/advisories/21710 http://securityreason.com/securityalert/1512 http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://www.osvdb.org/28332 http://www.securityfocus.com/archive/1/444958/100/0/threaded • CWE-20: Improper Input Validation •
CVE-2005-2711
https://notcve.org/view.php?id=CVE-2005-2711
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. • http://secunia.com/advisories/19327 http://securitytracker.com/id?1015820 http://securitytracker.com/id?1015821 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403 http://www.osvdb.org/24096 http://www.securityfocus.com/bid/17218 http://www.vupen.com/english/advisories/2006/1090 https://exchange.xforce.ibmcloud.com/vulnerabilities/25423 •
CVE-2004-2126
https://notcve.org/view.php?id=CVE-2004-2126
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. • http://marc.info/?l=bugtraq&m=107530966524193&w=2 http://www.securityfocus.com/bid/9513 •
CVE-2004-2125
https://notcve.org/view.php?id=CVE-2004-2125
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value. • http://archives.neohapsis.com/archives/iss/2004-q1/0157.html http://marc.info/?l=bugtraq&m=107530966524193&w=2 http://secunia.com/advisories/10739 http://www.osvdb.org/3740 http://www.securityfocus.com/bid/9514 https://exchange.xforce.ibmcloud.com/vulnerabilities/14965 •
CVE-2004-1714 – Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
https://notcve.org/view.php?id=CVE-2004-1714
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. • https://www.exploit-db.com/exploits/24362 http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html http://marc.info/?l=bugtraq&m=109223751031166&w=2 http://www.securityfocus.com/bid/10915 https://exchange.xforce.ibmcloud.com/vulnerabilities/16959 • CWE-732: Incorrect Permission Assignment for Critical Resource •