漏洞标题
N/A
漏洞描述信息
"Agnitum户外防火墙Pro 3.51.759.6511(462),在(1) Lavasoft个人防火墙1.0.543.5722(433)和(2)Slonify边界管理器Slonify客户端防火墙2.0中使用时,未正确限制运行在本地系统上下文中的应用程序窗口中的用户活动,这使本地用户能够获取权限并执行命令(a)在不存在 explorer.exe 实例时通过“打开文件夹”选项获得,可能与 ShellExecute API 函数相关;或(b)通过“保存配置为”选项覆盖批处理文件。注意:这可能成为 Microsoft Windows 和 explorer.exe 中的漏洞,而不是防火墙。"
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Lavasoft Personal Firewall本地提权漏洞
漏洞描述信息
(1) Lavasoft Personal Firewall 1.0.543.5722 (433)和(2) Novell BorderManager Novell Client Firewall 2.0使用的Agnitum Outpost Firewall Pro 3.51.759.6511(462)未正确限制在LocalSystem环境中运行的应用程序窗口中的用户活动。本地用户可以(a)借助没有explorer.exe运行的情形时,可能与ShellExecute API 函数有关的"open folde
CVSS信息
N/A
漏洞类别
授权问题