ISS BlackICE/PC Protection Unprivileged User Local DoS

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The firewall running on the remote host has a local buffer overflow
vulnerability.

Description :

ISS BlackICE is a personal Firewall/IDS for windows Desktops. Based on
the version number, the remote BlackICE install is vulnerable to a
local attack due to incorrect file permissions.

*** Nessus based the results of this test on the contents of *** the
local BlackICE configuration file.

See also :

http://seclists.org/bugtraq/2004/Aug/153
http://seclists.org/fulldisclosure/2004/Aug/494
http://seclists.org/fulldisclosure/2004/Aug/506

Solution :

Upgrade to the latest version of BlackICE.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 14270 (blackice_configs.nasl)

Bugtraq ID: 10915

CVE ID: CVE-2004-1714
CVE-2004-2126

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now