CVE-2005-2711
First published: Sat Dec 31 2005(Updated: )
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM ISS BlackICE Agent Server | ||
| IBM ISS BlackICE PC Protection | =3.6 | |
| IBM ISS BlackICE PC Protection | =3.6cpu | |
| ISS BlackICE Server Protection | ||
| Iss Realsecure Desktop | =3.6 | |
| Iss Realsecure Desktop | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
- http://www.securityfocus.com/bid/17218
- http://www.osvdb.org/24096
- http://securitytracker.com/id?1015820
- http://securitytracker.com/id?1015821
- http://secunia.com/advisories/19327
- http://www.vupen.com/english/advisories/2006/1090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25423
Frequently Asked Questions
What is the severity of CVE-2005-2711?
CVE-2005-2711 has a medium severity rating due to the potential for local privilege escalation.
How do I fix CVE-2005-2711?
To mitigate CVE-2005-2711, apply any patches or updates provided by ISS for the affected versions of their software.
Which products are affected by CVE-2005-2711?
CVE-2005-2711 affects ISS BlackIce 3.6, BlackICE PC Protection 3.6, RealSecure Desktop versions 3.6 and 7.0, and the Blackice Agent for Server.
Can CVE-2005-2711 be exploited remotely?
CVE-2005-2711 cannot be exploited remotely, as it requires local access to the affected system.
What types of attacks are possible with CVE-2005-2711?
CVE-2005-2711 may allow attackers to escalate their privileges on a local machine, potentially leading to unauthorized access or data manipulation.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/iss
- canonical/ibm iss blackice agent server
- canonical/ibm iss blackice pc protection
- version/ibm iss blackice pc protection/3.6
- version/ibm iss blackice pc protection/3.6cpu
- canonical/iss blackice server protection
- canonical/iss realsecure desktop
- version/iss realsecure desktop/3.6
- version/iss realsecure desktop/7.0