Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2004-1714

Published: 11/08/2004 Updated: 26/01/2024
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Blackice Server Protection

Vulnerability Summary

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.

Vulnerable Product Search on Vulmon Subscribe to Product

iss blackice server protection 3.6ccg

iss blackice pc protection 3.6ccf

iss blackice pc protection 3.6ccb

iss blackice pc protection 3.6cbz

iss blackice pc protection 3.6cce

iss blackice pc protection 3.6cbr

iss blackice pc protection 3.6cca

iss blackice server protection 3.6cch

iss blackice server protection 3.6ccb

iss blackice server protection 3.6cno

iss blackice pc protection 3.6ccd

iss blackice server protection 3.5cdf

iss blackice server protection 3.6cce

iss blackice pc protection 3.6ccc

iss blackice server protection 3.6ccd

iss blackice pc protection 3.6cbd

iss blackice server protection 3.6cca

iss blackice pc protection 3.6ccg

iss blackice server protection 3.6ccc

iss blackice server protection 3.6cbz

iss blackice server protection 3.6ccf

Exploits

Exploit DB: Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
source: wwwsecurityfocuscom/bid/10915/info It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewallini file included with the software It is reported that when the system is restarted, and the affected software reads the mali ...

References

CWE-732http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.htmlhttp://www.securityfocus.com/bid/10915http://marc.info/?l=bugtraq&m=109223751031166&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/16959https://nvd.nist.govhttps://www.exploit-db.com/exploits/24362/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook