How to Use Windows Security to Keep Your PC Protected

Your Microsoft computer comes with built-in safety software that shields you from the worst threats. Here's how to navigate your toolkit...

CVE-2003-5002

A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2003-5003

The CVE-2003-5003 entry concerns IBM ISS BlackICE PC Protection. Affected component: the Update Handler. Root cause: manipulation of an unknown input leads to cross-site scripting. Impact: potential remote exploitation with constrained integrity/availability (per sources, XSS could affect a clien...

CVE-2003-5003 ISS BlackICE PC Protection Update cross site scriting

A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may ...

Wayport Public Access PC protection bypass

It's possible to disable protection by disabling Internet Explorer plugin...

CVE-2006-7129

ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files...

CVE-2006-7129

CVE-2006-7129 concerns ISS BlackICE PC Protection 3.6 cpj and possibly earlier versions. The issue allows local users to bypass the protection scheme by calling ZwDeleteFile to delete the critical filelock.txt, which stores information about protected files. The root cause is tampering with the f...

ISS BlackICE PC Protection DoS

Invalid NtOpenSection hook causes sytem to crash if 3rd paramter is NULL...

CVE-2006-3999

ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries...

CVE-2006-3999

ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE (and possibly earlier) are vulnerable due to improper integrity checking of the pamversion.dll BlackICE library, allowing local users to subvert BlackICE by replacing pamversion.dll. The attack would generally require administrative privileges to repla...

ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability

BlackICE does not protect pamversion.dll in its installation directory. And also because its component protection fails to protect BlackICE processes this can be misused to inject fake DLL into BlackICE service. The whole advisory with more details and source code is available here...

CVE-2004-2126

CVE-2004-2126 affects BlackICE PC Protection 3.6 and earlier. The upgrade sets insecure permissions on INI files (blackice.ini, firewall.ini, protect.ini, sigs.ini), allowing local users to modify BlackICE configuration and, via vulnerabilities in the INI parsers, potentially execute arbitrary co...