BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Blackice_pc_protection | Iss | 3.6cbd (including) | 3.6cbd (including) |
Blackice_pc_protection | Iss | 3.6cbr (including) | 3.6cbr (including) |
Blackice_pc_protection | Iss | 3.6cbz (including) | 3.6cbz (including) |
Blackice_pc_protection | Iss | 3.6cca (including) | 3.6cca (including) |
Blackice_pc_protection | Iss | 3.6ccb (including) | 3.6ccb (including) |
Blackice_pc_protection | Iss | 3.6ccc (including) | 3.6ccc (including) |
Blackice_pc_protection | Iss | 3.6ccd (including) | 3.6ccd (including) |
Blackice_pc_protection | Iss | 3.6cce (including) | 3.6cce (including) |
Blackice_pc_protection | Iss | 3.6ccf (including) | 3.6ccf (including) |
Blackice_pc_protection | Iss | 3.6ccg (including) | 3.6ccg (including) |
Blackice_server_protection | Iss | 3.5cdf (including) | 3.5cdf (including) |
Blackice_server_protection | Iss | 3.6cbz (including) | 3.6cbz (including) |
Blackice_server_protection | Iss | 3.6cca (including) | 3.6cca (including) |
Blackice_server_protection | Iss | 3.6ccb (including) | 3.6ccb (including) |
Blackice_server_protection | Iss | 3.6ccc (including) | 3.6ccc (including) |
Blackice_server_protection | Iss | 3.6ccd (including) | 3.6ccd (including) |
Blackice_server_protection | Iss | 3.6cce (including) | 3.6cce (including) |
Blackice_server_protection | Iss | 3.6ccf (including) | 3.6ccf (including) |
Blackice_server_protection | Iss | 3.6ccg (including) | 3.6ccg (including) |
Blackice_server_protection | Iss | 3.6cch (including) | 3.6cch (including) |
Blackice_server_protection | Iss | 3.6cno (including) | 3.6cno (including) |