Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ISS BlackICE Server Protect本地用户防火墙规则修改漏洞
Vulnerability Description
BlackICE Server Protect是ISS开发的防火墙系统。 BlackICE Server Protect firewall.ini默认权限设置不正确,本地攻击者可以利用这个漏洞修改配置文件,破坏防火墙规则。 当BlackICE安装后,会在本地C:\Program Files\ISS\Blackice目录中安装firewall.ini文件,但是默认ACL规则是所有人控制。这就允许本地非特权用户删除或修改防火墙规则,导致原有安全规则破坏。
CVSS Information
N/A
Vulnerability Type
N/A