Vulnerabilities > CVE-2005-2711 - Local Privilege Escalation vulnerability in Internet Security Systems BlackICE and RealSecure Desktop

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

iss

NVD

Published: 2005-12-31

Updated: 2017-07-11

Summary

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

Vulnerable Configurations

Part	Description	Count
Application	Iss ISS Blackice Agent Server * ISS Blackice PC Protection 3.6 ISS Blackice PC Protection 3.6Cpu ISS Blackice Server Protection * ISS Realsecure Desktop 3.6 ISS Realsecure Desktop 7.0	6

References

http://secunia.com/advisories/19327
http://securitytracker.com/id?1015820
http://securitytracker.com/id?1015821
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
http://www.osvdb.org/24096
http://www.securityfocus.com/bid/17218
http://www.vupen.com/english/advisories/2006/1090
https://exchange.xforce.ibmcloud.com/vulnerabilities/25423