Lucene search

MitreCVE-2004-1714

HistoryFeb 26, 2005 - 5:00 a.m.

CVE-2004-1714

2005-02-2605:00:00

CWE-732

mitre

web.nvd.nist.gov

cve-2004-1714

blackice pc protection

server protection

firewall.ini

blackice.ini

sigs.ini

protect.ini

everyone full control permissions

denial of service

configuration modification

local users

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

9.7%

JSON

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.

Affected configurations

Nvd

Node

issblackice_pc_protectionMatch3.6cbd

issblackice_pc_protectionMatch3.6cbr

issblackice_pc_protectionMatch3.6cbz

issblackice_pc_protectionMatch3.6cca

issblackice_pc_protectionMatch3.6ccb

issblackice_pc_protectionMatch3.6ccc

issblackice_pc_protectionMatch3.6ccd

issblackice_pc_protectionMatch3.6cce

issblackice_pc_protectionMatch3.6ccf

issblackice_pc_protectionMatch3.6ccg

issblackice_server_protectionMatch3.5cdf

issblackice_server_protectionMatch3.6cbz

issblackice_server_protectionMatch3.6cca

issblackice_server_protectionMatch3.6ccb

issblackice_server_protectionMatch3.6ccc

issblackice_server_protectionMatch3.6ccd

issblackice_server_protectionMatch3.6cce

issblackice_server_protectionMatch3.6ccf

issblackice_server_protectionMatch3.6ccg

issblackice_server_protectionMatch3.6cch

issblackice_server_protectionMatch3.6cno

VendorProductVersionCPE
issblackice_pc_protection3.6cbdcpe:2.3:a:iss:blackice_pc_protection:3.6cbd:*:*:*:*:*:*:*
issblackice_pc_protection3.6cbrcpe:2.3:a:iss:blackice_pc_protection:3.6cbr:*:*:*:*:*:*:*
issblackice_pc_protection3.6cbzcpe:2.3:a:iss:blackice_pc_protection:3.6cbz:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccacpe:2.3:a:iss:blackice_pc_protection:3.6cca:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccbcpe:2.3:a:iss:blackice_pc_protection:3.6ccb:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccccpe:2.3:a:iss:blackice_pc_protection:3.6ccc:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccdcpe:2.3:a:iss:blackice_pc_protection:3.6ccd:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccecpe:2.3:a:iss:blackice_pc_protection:3.6cce:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccfcpe:2.3:a:iss:blackice_pc_protection:3.6ccf:*:*:*:*:*:*:*
issblackice_pc_protection3.6ccgcpe:2.3:a:iss:blackice_pc_protection:3.6ccg:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iss	blackice_pc_protection	3.6cbd	cpe:2.3:a:iss:blackice_pc_protection:3.6cbd:::::::*
iss	blackice_pc_protection	3.6cbr	cpe:2.3:a:iss:blackice_pc_protection:3.6cbr:::::::*
iss	blackice_pc_protection	3.6cbz	cpe:2.3:a:iss:blackice_pc_protection:3.6cbz:::::::*
iss	blackice_pc_protection	3.6cca	cpe:2.3:a:iss:blackice_pc_protection:3.6cca:::::::*
iss	blackice_pc_protection	3.6ccb	cpe:2.3:a:iss:blackice_pc_protection:3.6ccb:::::::*
iss	blackice_pc_protection	3.6ccc	cpe:2.3:a:iss:blackice_pc_protection:3.6ccc:::::::*
iss	blackice_pc_protection	3.6ccd	cpe:2.3:a:iss:blackice_pc_protection:3.6ccd:::::::*
iss	blackice_pc_protection	3.6cce	cpe:2.3:a:iss:blackice_pc_protection:3.6cce:::::::*
iss	blackice_pc_protection	3.6ccf	cpe:2.3:a:iss:blackice_pc_protection:3.6ccf:::::::*
iss	blackice_pc_protection	3.6ccg	cpe:2.3:a:iss:blackice_pc_protection:3.6ccg:::::::*

Rows per page:

1-10 of 211

References

lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html

marc.info/?l=bugtraq&m=109223751031166&w=2

www.securityfocus.com/bid/10915

exchange.xforce.ibmcloud.com/vulnerabilities/16959

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

9.7%

JSON

Related for CVE-2004-1714