Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ISS多个产品本地权限提升漏洞
Vulnerability Description
ISS的BlackICE Defender、BlackICE Agent和RealSecure Server Sensor是运行在Microsoft Windows环境下的网络入侵检测系统。 ISS的多个产品对文件执行的处理上存在漏洞,本地用户可能利用此漏洞提升自己的权限。 如果要利用这个漏洞,攻击者必须要触发操作,使得应用程序保护模块显示警告信息。对于BlackIce产品,可以产品初次安装完成后启动任意可执行程序来触发上述操作。在"应用程序保护"对话框中点击"更多信息"就会弹出第二级表单。激活该表单后,
CVSS Information
N/A
Vulnerability Type
N/A