CVE-2006-7129 – Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2006-7129
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. ISS BlackICEPC Protection 3.6 cpj y cpu, y posiblemente versiones anteriores, permite a usuarios locales evitar el esquema de protección utilizando la función ZwDeleteFile del API para borrar el archivo crítico filelock.txt, el cual almacena información sobre archivos protegidos. • https://www.exploit-db.com/exploits/28817 http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0298.html http://securityreason.com/securityalert/2361 http://www.matousec.com/info/advisories/BlackICE-Filelock-protection-bypass.php http://www.osvdb.org/30901 http://www.securityfocus.com/archive/1/448763/100/0/threaded http://www.securityfocus.com/bid/20546 https://exchange.xforce.ibmcloud.com/vulnerabilities/29575 •
CVE-2006-4541 – Internet Security Systems 3.6 BlackICE - Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4541
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. RapDrv.sys en BlackICE PC Protection 3.6.cpn, cpj, cpiE, y posiblemente 3.6 y anteriores, permite a usuarios locales provocar denegación de servicio (caida) a través de un tercer argumento NULL a la función NtOpenSection API. NOTA: Posteriormente fue notificado que 3.6.cqn también se ve afectado. • https://www.exploit-db.com/exploits/28469 http://secunia.com/advisories/21710 http://securityreason.com/securityalert/1512 http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://www.osvdb.org/28332 http://www.securityfocus.com/archive/1/444958/100/0/threaded • CWE-20: Improper Input Validation •
CVE-2005-2711
https://notcve.org/view.php?id=CVE-2005-2711
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. • http://secunia.com/advisories/19327 http://securitytracker.com/id?1015820 http://securitytracker.com/id?1015821 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403 http://www.osvdb.org/24096 http://www.securityfocus.com/bid/17218 http://www.vupen.com/english/advisories/2006/1090 https://exchange.xforce.ibmcloud.com/vulnerabilities/25423 •
CVE-2004-2126
https://notcve.org/view.php?id=CVE-2004-2126
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. • http://marc.info/?l=bugtraq&m=107530966524193&w=2 http://www.securityfocus.com/bid/9513 •