ISS BlackICE PC Protection vulnerabilities
13 known vulnerabilities affecting iss/blackice_pc_protection.
Total CVEs: 13
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 7, LOW 1
Vulnerabilities
CVE-2004-0362 | P2 | HIGH | CVSS 7.5 | PoC | v3.6cbz, v3.6cca, +5 more | 2004-04-15
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname,
nvd
CVE-2003-5001 | P3 | CRITICAL | CVSS 9.8 | CWE-269 | vn/a | 2022-03-28
A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is
nvd
CVE-2004-0193 | P3 | HIGH | CVSS 7.5 | v3.6cbd | 2004-03-15
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary
nvd
CVE-2004-1714 | P4 | HIGH | CVSS 7.1 | CWE-732 | PoC | v3.6cbd, v3.6cbr, +8 more | 2004-08-11
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
nvd
CVE-2006-4541 | P4 | MEDIUM | CVSS 4.6 | CWE-20 | PoC | ≤ 3.6, v3.6cpie, +2 more | 2006-09-05
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected.
nvd
CVE-2006-7129 | P4 | LOW | CVSS 2.1 | PoC | v3.6cpj, v3.6cpu | 2007-03-06
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
nvd
CVE-2003-5003 | P4 | MEDIUM | CVSS 6.1 | CWE-80 | vn/a | 2022-03-28
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products th
nvd
CVE-2003-5002 | P4 | MEDIUM | CVSS 5.3 | CWE-319 | vn/a | 2022-03-28
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
nvd
CVE-2005-2711 | P4 | HIGH | CVSS 7.2 | v3.6, v3.6cpu | 2005-12-31
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
nvd
CVE-2006-3840 | P4 | MEDIUM | CVSS 5.0 | CWE-399 | v3.6cpk | 2006-07-27
The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_M
nvd
CVE-2004-2126 | P4 | MEDIUM | CVSS 4.6 | ≤ 3.6cbz | 2004-12-31
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.
nvd
CVE-2004-2125 | P4 | MEDIUM | CVSS 4.6 | v3.6cbd | 2004-12-31
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
nvd
CVE-2006-3999 | P4 | MEDIUM | CVSS 4.6 | v3.6cpie, v3.6cpj | 2006-08-05
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileg
nvd