ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability

CVE	Category	Price	Severity
CVE-2000-0026	CWE-94	Not specified	High

Author	Risk	Exploitation Type	Date
Marc Schoenefeld	High	Local	2006-08-13

CPE	PURL
cpe:cpe:/a:internet_security_systems:blackice_pc_protection

CVSS	EPSS	EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	0.02192	0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080047

Below is a copy:

BlackICE does not protect pamversion.dll in its installation directory. And also because its component
protection fails to protect BlackICE processes this can be misused to inject fake DLL into BlackICE service.

The whole advisory with more details and source code is available here
http://www.matousec.com/info/advisories/BlackICE-DLL-faking-of-run-time-
linked-libraries.php

Regards,

-- 
David Matousek

Founder and Chief Representative of Matousec - Transparent security
http://www.matousec.com/

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum