Vulnerability Description
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iss | Blackice Pc Protection | 3.6cpie |
References
- http://securityreason.com/securityalert/1338
- http://securitytracker.com/id?1016618
- http://www.securityfocus.com/archive/1/441829/100/0/threaded
- http://securityreason.com/securityalert/1338
- http://securitytracker.com/id?1016618
- http://www.securityfocus.com/archive/1/441829/100/0/threaded
FAQ
What is CVE-2006-3999?
CVE-2006-3999 is a vulnerability with a CVSS score of 4.6 (MEDIUM). ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE b...
How severe is CVE-2006-3999?
CVE-2006-3999 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3999?
Check the references section above for vendor advisories and patch information. Affected products include: Iss Blackice Pc Protection.