CyberSec.Space Logo
Back to CVE Browser

CVE-2005-2711

HIGH
7.2
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile32.05th
PublishedDec 31, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

Affected Platforms (CPE)

πŸ“¦
Iss

Blackice Agent Server

All versions
πŸ“¦
Iss

Blackice Pc Protection

= 3.6
πŸ“¦
Iss

Blackice Pc Protection

= 3.6cpu
πŸ“¦
Iss

Blackice Server Protection

All versions
πŸ“¦
Iss

Realsecure Desktop

= 3.6
πŸ“¦
Iss

Realsecure Desktop

= 7.0

References & Advisories

πŸ”— http://secunia.com/advisories/19327
πŸ”— http://securitytracker.com/id?1015820
πŸ”— http://securitytracker.com/id?1015821
πŸ”— http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
πŸ”— http://www.osvdb.org/24096
πŸ”— http://www.securityfocus.com/bid/17218
πŸ”— http://www.vupen.com/english/advisories/2006/1090
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/25423

Related Vulnerabilities

CVE-2002-02377.5

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 a...

CVE-2005-063510.0

Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.

CVE-2005-063610.0

Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execut...

CVE-2005-089210.0

Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL ...