Vulnerability Description
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ISS | BlackICE Agent Server | All versions |
| ISS | BlackICE PC Protection | 3.6 |
| ISS | BlackICE Server Protection | All versions |
| ISS | RealSecure Desktop | 3.6 |
References
- http://secunia.com/advisories/19327
- http://securitytracker.com/id?1015820
- http://securitytracker.com/id?1015821
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403 (Vendor Advisory)
- http://www.osvdb.org/24096
- http://www.securityfocus.com/bid/17218
- http://www.vupen.com/english/advisories/2006/1090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25423
FAQ
What is CVE-2005-2711?
CVE-2005-2711 is a vulnerability with a CVSS score of 7.2 (HIGH). ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help...
How severe is CVE-2005-2711?
CVE-2005-2711 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2711?
Check the references section above for vendor advisories and patch information. Affected products include: ISS BlackICE Agent Server, ISS BlackICE PC Protection, ISS BlackICE Server Protection, ISS RealSecure Desktop.