Vulnerabilities > ISS > Blackice PC Protection > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-05 | CVE-2006-4541 | Improper Input Validation vulnerability in ISS Blackice PC Protection RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. | 4.6 |
| 2006-08-05 | CVE-2006-3999 | Local Security vulnerability in ISS Blackice PC Protection 3.6Cpie/3.6Cpj ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. | 4.6 |
| 2006-07-27 | CVE-2006-3840 | Resource Management Errors vulnerability in ISS products The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode. | 5.0 |
| 2004-12-31 | CVE-2004-2126 | Unspecified vulnerability in ISS Blackice PC Protection The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. | 4.6 |
| 2004-12-31 | CVE-2004-2125 | Local Buffer Overrun vulnerability in Internet Security Systems BlackICE PC Protection blackd.exe Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value. | 4.6 |