CVE-2005-2711
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2005
Last modified:
03/04/2025
Description
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:iss:blackice_agent_server:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:iss:blackice_pc_protection:3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:iss:blackice_pc_protection:3.6cpu:*:*:*:*:*:*:* | ||
| cpe:2.3:a:iss:blackice_server_protection:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:iss:realsecure_desktop:3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:iss:realsecure_desktop:7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/19327
- http://securitytracker.com/id?1015820=
- http://securitytracker.com/id?1015821=
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
- http://www.osvdb.org/24096
- http://www.securityfocus.com/bid/17218
- http://www.vupen.com/english/advisories/2006/1090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25423
- http://secunia.com/advisories/19327
- http://securitytracker.com/id?1015820=
- http://securitytracker.com/id?1015821=
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
- http://www.osvdb.org/24096
- http://www.securityfocus.com/bid/17218
- http://www.vupen.com/english/advisories/2006/1090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25423