Vulnerability Description
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iss | Blackice Pc Protection | 3.6cbd |
| Iss | Blackice Server Protection | 3.5cdf |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.htmlNot Applicable
- http://marc.info/?l=bugtraq&m=109223751031166&w=2Mailing List
- http://www.securityfocus.com/bid/10915Broken LinkExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16959Third Party AdvisoryVDB Entry
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.htmlNot Applicable
- http://marc.info/?l=bugtraq&m=109223751031166&w=2Mailing List
- http://www.securityfocus.com/bid/10915Broken LinkExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16959Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-1714?
CVE-2004-1714 is a vulnerability with a CVSS score of 7.1 (HIGH). BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a d...
How severe is CVE-2004-1714?
CVE-2004-1714 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1714?
Check the references section above for vendor advisories and patch information. Affected products include: Iss Blackice Pc Protection, Iss Blackice Server Protection.