CVE-2005-2711

Sažetak

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

Reference

http://secunia.com/advisories/19327
http://securitytracker.com/id?1015820
http://securitytracker.com/id?1015821
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
http://www.osvdb.org/24096
http://www.securityfocus.com/bid/17218
http://www.vupen.com/english/advisories/2006/1090
https://exchange.xforce.ibmcloud.com/vulnerabilities/25423

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

31-12-2005 - 05:00