Vulnerability Description
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iss | Blackice Agent Server | 3.6eca |
| Iss | Blackice Pc Protection | 3.6cbd |
| Iss | Blackice Server Protection | 3.6cbz |
| Iss | Realsecure Desktop | 3.6eca |
References
- http://archives.neohapsis.com/archives/iss/2004-q1/0157.html
- http://marc.info/?l=bugtraq&m=107530966524193&w=2
- http://secunia.com/advisories/10739
- http://www.osvdb.org/3740
- http://www.securityfocus.com/bid/9514
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14965
- http://archives.neohapsis.com/archives/iss/2004-q1/0157.html
- http://marc.info/?l=bugtraq&m=107530966524193&w=2
- http://secunia.com/advisories/10739
- http://www.osvdb.org/3740
- http://www.securityfocus.com/bid/9514
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14965
FAQ
What is CVE-2004-2125?
CVE-2004-2125 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file...
How severe is CVE-2004-2125?
CVE-2004-2125 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2125?
Check the references section above for vendor advisories and patch information. Affected products include: Iss Blackice Agent Server, Iss Blackice Pc Protection, Iss Blackice Server Protection, Iss Realsecure Desktop.