ISS BlackICE PC Protection 'pamversion.dll' BlackICE Library Security Privilege Vulnerability

Vulnerability ID 1193925 Vulnerability type Unknown
Published 2006-08-04 Updated 2006-08-04
CVE ID CVE-2006-3999 CNNVD-ID CNNVD-200608-074
Affected platform N/A CVSS score 4.6
|Vulnerability Sources
https://www.securityfocus.com/bid/82959
https://cxsecurity.com/issue/WLB-2006080047
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-074
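|Vulnerability Details
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions, do not properly monitor the integrity of the pamversion.dll BlackICE library. A local user can exploit this to subvert the BlackICE software by replacing the pamversion.dll file. Note: normally the attacker would not cross a privilege boundary, because replacing pamversion.dll requires administrator privileges. However, because the BlackICE software is meant to defend against certain rogue privileged actions, this issue is a security vulnerability.
|Vulnerability EXP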
BlackICE does not protect pamversion.dll in its installation directory. And also, because its component
protection fails to protect BlackICE processes, this can be misused to inject a fake DLL into the BlackICE service.

The whole advisory with more details and source code is available here
http://www.matousec.com/info/advisories/BlackICE-DLL-faking-of-run-time-linked-libraries.php

Regards,

-- 
David Matousek

Founder and Chief Representative of Matousec - Transparent security
http://www.matousec.com/
|References

Source: BUGTRAQ
Name: 20060801 ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/441829/100/0/threaded
Source: SECTRACK
Name: 1016618
Link: http://securitytracker.com/id?1016618
Source: SREASON
Name: 1338
Link: http://securityreason.com/securityalert/1338