CVE-2004-2126
First published: Fri Dec 31 2004(Updated: )
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM ISS BlackICE PC Protection | <=3.6cbz |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2126?
CVE-2004-2126 is considered to have a high severity due to the potential for local users to modify configuration settings.
How do I fix CVE-2004-2126?
To fix CVE-2004-2126, adjust the file permissions for the affected .INI files to restrict access to authorized users only.
What versions of BlackICE are affected by CVE-2004-2126?
CVE-2004-2126 affects BlackICE PC Protection version 3.6 and earlier.
What files are involved in CVE-2004-2126?
CVE-2004-2126 involves insecure permissions for configuration files such as blackice.ini, firewall.ini, protect.ini, and sigs.ini.
Can CVE-2004-2126 lead to arbitrary code execution?
Yes, CVE-2004-2126 may allow local users to execute arbitrary code by exploiting the vulnerabilities related to the insecure .INI files.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/iss
- product/blackice pc protection
- canonical/ibm iss blackice pc protection
- version/ibm iss blackice pc protection/3.6cbz