Vulnerability Description
Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kerio | Personal Firewall | 2.1.5 |
References
- http://secunia.com/advisories/10746/ (Vendor Advisory)
- http://www.osvdb.org/3748
- http://www.securityfocus.com/bid/9525
- http://www.securitytracker.com/alerts/2004/Jan/1008870.html (Exploit)
- http://www.tuneld.com/_images/other/kpf_system_privileges.png
- http://www.tuneld.com/news/?id=30 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14981
FAQ
What is CVE-2004-2329?
CVE-2004-2329 is a vulnerability with a CVSS score of 7.2 (HIGH). Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges b...
How severe is CVE-2004-2329?
CVE-2004-2329 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2329?
Check the references section above for vendor advisories and patch information. Affected products include: Kerio Personal Firewall.