7.1

CVE-2004-1714

Exploit

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.

Data is provided by the National Vulnerability Database (NVD)
IssBlackice Pc Protection Version3.6cbd
IssBlackice Pc Protection Version3.6cbr
IssBlackice Pc Protection Version3.6cbz
IssBlackice Pc Protection Version3.6cca
IssBlackice Pc Protection Version3.6ccb
IssBlackice Pc Protection Version3.6ccc
IssBlackice Pc Protection Version3.6ccd
IssBlackice Pc Protection Version3.6cce
IssBlackice Pc Protection Version3.6ccf
IssBlackice Pc Protection Version3.6ccg
IssBlackice Server Protection Version3.5cdf
IssBlackice Server Protection Version3.6cbz
IssBlackice Server Protection Version3.6cca
IssBlackice Server Protection Version3.6ccb
IssBlackice Server Protection Version3.6ccc
IssBlackice Server Protection Version3.6ccd
IssBlackice Server Protection Version3.6cce
IssBlackice Server Protection Version3.6ccf
IssBlackice Server Protection Version3.6ccg
IssBlackice Server Protection Version3.6cch
IssBlackice Server Protection Version3.6cno
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.308
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://www.securityfocus.com/bid/10915
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry