Lucene search

[email protected]CVE-2006-3999

HistoryAug 05, 2006 - 1:04 a.m.

CVE-2006-3999

2006-08-0501:04:00

[email protected]

web.nvd.nist.gov

cve-2006-3999

iss

blackice

pc protection

integrity monitoring

vulnerability

pamversion.dll

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.

Affected configurations

NVD

Node

issblackice_pc_protectionMatch3.6cpie

issblackice_pc_protectionMatch3.6cpj

CPENameOperatorVersion
iss:blackice_pc_protectioniss blackice pc protectioneq3.6cpie
iss:blackice_pc_protectioniss blackice pc protectioneq3.6cpj

CPE	Name	Operator	Version
iss:blackice_pc_protection	iss blackice pc protection	eq	3.6cpie
iss:blackice_pc_protection	iss blackice pc protection	eq	3.6cpj

References

securityreason.com/securityalert/1338

securitytracker.com/id?1016618

www.securityfocus.com/archive/1/441829/100/0/threaded

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-3999

cvelist1 nvd1