CVE-2004-1714
7.1
CVSS Score
High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Link copied!
Description
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
CVSS Vector Details
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Affected Software Configurations
- a iss blackice_pc_protection 3.6cbd * * * * * * *
- a iss blackice_pc_protection 3.6cbr * * * * * * *
- a iss blackice_pc_protection 3.6cbz * * * * * * *
- a iss blackice_pc_protection 3.6cca * * * * * * *
- a iss blackice_pc_protection 3.6ccb * * * * * * *
- a iss blackice_pc_protection 3.6ccc * * * * * * *
- a iss blackice_pc_protection 3.6ccd * * * * * * *
- a iss blackice_pc_protection 3.6cce * * * * * * *
- a iss blackice_pc_protection 3.6ccf * * * * * * *
- a iss blackice_pc_protection 3.6ccg * * * * * * *
Weaknesses (CWE)
- CWE-732
References & External Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html
- http://marc.info/?l=bugtraq&m=109223751031166&w=2
- http://www.securityfocus.com/bid/10915
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16959
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html
- http://marc.info/?l=bugtraq&m=109223751031166&w=2
- http://www.securityfocus.com/bid/10915
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16959
External Resources
CVE History Timeline
May 31, 2005 15:28
Initial Analysis
Oct 18, 2016 02:59
CVE Modified
Jul 11, 2017 01:31
CVE Modified
Jan 26, 2024 17:21
Modified Analysis
May 14, 2024 01:26
CVE Modified
Nov 20, 2024 23:51
CVE Modified