CVE-2006-3697
Published 2006-07-21
Priority: P424, high, 7.2 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.48% (37.8th percentile)
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agnitum | outpost_firewall | — | — |
| lavasoft | lavasoft_personal_firewall | — | — |
| novell | client_firewall | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/21088
http://secunia.com/advisories/21089
http://www.ben.goulding.com.au/secad.html
http://www.osvdb.org/27349
http://www.securityfocus.com/archive/1/440426/100/0/threaded
http://www.securityfocus.com/bid/19018
http://www.securityfocus.com/bid/19024
http://www.vupen.com/english/advisories/2006/2851
http://www.vupen.com/english/advisories/2006/2852
http://www.vupen.com/english/advisories/2007/0144
https://secure-support.novell.com/KanisaPlatform/Publishing/903/3762108_f.SAL_Public.html
2006-07-21
Published