返回 CVE 浏览器

CVE-2005-2711

HIGH

7.2

CVSS Severity Score

EPSS Score0.1360%

EPSS Percentile32.05th

Published2005年12月31日

Last Modified2026年4月16日

Vulnerability Description

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

Affected Platforms (CPE)

📦

Iss

Blackice Agent Server

All versions

📦

Iss

Blackice Pc Protection

= 3.6

📦

Iss

Blackice Pc Protection

= 3.6cpu

📦

Iss

Blackice Server Protection

All versions

📦

Iss

Realsecure Desktop

= 3.6

📦

Iss

Realsecure Desktop

= 7.0

References & Advisories

🔗 http://secunia.com/advisories/19327

🔗 http://securitytracker.com/id?1015820

🔗 http://securitytracker.com/id?1015821

🔗 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403

🔗 http://www.osvdb.org/24096

🔗 http://www.securityfocus.com/bid/17218

🔗 http://www.vupen.com/english/advisories/2006/1090

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25423

相关漏洞威胁

CVE-2002-02377.5

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 a...

CVE-2005-063510.0

Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.

CVE-2005-103710.0

Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.

CVE-2005-063610.0

Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execut...