CVE Vulnerabilities

CVE-2006-3697

Published: Jul 21, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the open folder option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the Save Configuration As option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.

Affected Software

Name Vendor Start Version End Version
Outpost_firewall Agnitum 3.51.759.6511 (including) 3.51.759.6511 (including)
Lavasoft_personal_firewall Lavasoft 1.0.543.5722.433 (including) 1.0.543.5722.433 (including)
Client_firewall Novell 2.0 (including) 2.0 (including)

References