CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
0.4%
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
Vendor | Product | Version | CPE |
---|---|---|---|
iss | blackice_pc_protection | 3.6cpj | cpe:2.3:a:iss:blackice_pc_protection:3.6cpj:*:*:*:*:*:*:* |
iss | blackice_pc_protection | 3.6cpu | cpe:2.3:a:iss:blackice_pc_protection:3.6cpu:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/fulldisclosure/2006-10/0298.html
securityreason.com/securityalert/2361
www.matousec.com/info/advisories/BlackICE-Filelock-protection-bypass.php
www.osvdb.org/30901
www.securityfocus.com/archive/1/448763/100/0/threaded
www.securityfocus.com/bid/20546
exchange.xforce.ibmcloud.com/vulnerabilities/29575