漏洞标题
N/A
漏洞描述信息
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE 和可能更早的版本并未正确监控 pamversion.dll BlackICE库的完整性,这使得本地用户可以通过替换 pamversion.dll 来绕过 BlackICE。请注意:在大多数情况下,攻击不会跨越权限边界,因为替换 pamversion.dll 需要管理员权限。然而,这个问题是一个漏洞,因为BlackICE旨在保护 against 某些 rogue privileged actions。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
ISS BlackICE PC Protection 'pamversion.dll'BlackICE库安全特权漏洞
漏洞描述信息
ISS BlackICE PC Protection 3.6.cpj,3.6.cpiE,可能还包括早期版本,没有对pamversion.dll BlackICE库的完整性进行正确监控,利用此漏洞,本地用户可通过替换pamversion.dll文件破坏BlackICE软件。注意:通常,攻击者不会超越特权界限,因为替换pamversion.dll需要管理员特权。然而,由于BlackICE软件抵御某些rogue特权操作,此问题便成为安全漏洞。
CVSS信息
N/A
漏洞类别
授权问题