Internet Security Systems BlackICE PC Protection 3.6

CPE Details

Internet Security Systems BlackICE PC Protection 3.6
iss
blackice_pc_protection
3.6
2008-01-02
23h51 +00:00
2008-03-25
18h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:iss:blackice_pc_protection:3.6:*:*:*:*:*:*:*

Informations

Vendor

iss

Product

blackice_pc_protection

Version

3.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2006-4541 2006-09-05 21h00 +00:00 RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected.
4.6
CVE-2005-2711 2006-03-24 01h00 +00:00 ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
7.2
CVE-2004-2126 2005-05-27 02h00 +00:00 The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.
4.6
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.