Vulnerabilities > CVE-2004-2329 - Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

kerio

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.

Vulnerable Configurations

Part	Description	Count
Application	Kerio Kerio Personal Firewall 2.1.5	1

References

http://secunia.com/advisories/10746/
http://www.osvdb.org/3748
http://www.securityfocus.com/bid/9525
http://www.securitytracker.com/alerts/2004/Jan/1008870.html
http://www.tuneld.com/_images/other/kpf_system_privileges.png
http://www.tuneld.com/news/?id=30
https://exchange.xforce.ibmcloud.com/vulnerabilities/14981