Vulnerabilities > CVE-2006-7129 - Unspecified vulnerability in ISS Blackice PC Protection 3.6Cpj/3.6Cpu
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Internet Security Systems 3.6 ZWDeleteFile Function Arbitrary File Deletion Vulnerability. CVE-2006-7129. Local exploits for multiple platform |
| id | EDB-ID:28817 |
| last seen | 2016-02-03 |
| modified | 2006-10-16 |
| published | 2006-10-16 |
| reporter | Matousec Transparent security |
| source | https://www.exploit-db.com/download/28817/ |
| title | Internet Security Systems 3.6 = ZWDeleteFile Function Arbitrary File Deletion Vulnerability |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0298.html
- http://securityreason.com/securityalert/2361
- http://www.matousec.com/info/advisories/BlackICE-Filelock-protection-bypass.php
- http://www.osvdb.org/30901
- http://www.securityfocus.com/archive/1/448763/100/0/threaded
- http://www.securityfocus.com/bid/20546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29575