CVE-2004-1714

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.

Published: Aug 11, 2004
Updated: May 9, 2024
CVE: CVE-2004-1714
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
iss / blackice_server_protection	3.6ccg	3.6ccg.x
iss / blackice_pc_protection	3.6ccf	3.6ccf.x
iss / blackice_pc_protection	3.6ccb	3.6ccb.x
iss / blackice_pc_protection	3.6cbz	3.6cbz.x
iss / blackice_pc_protection	3.6cce	3.6cce.x
iss / blackice_pc_protection	3.6cbr	3.6cbr.x
iss / blackice_pc_protection	3.6cca	3.6cca.x
iss / blackice_server_protection	3.6cch	3.6cch.x
iss / blackice_server_protection	3.6ccb	3.6ccb.x
iss / blackice_server_protection	3.6cno	3.6cno.x
iss / blackice_pc_protection	3.6ccd	3.6ccd.x
iss / blackice_server_protection	3.5cdf	3.5cdf.x
iss / blackice_server_protection	3.6cce	3.6cce.x
iss / blackice_pc_protection	3.6ccc	3.6ccc.x
iss / blackice_server_protection	3.6ccd	3.6ccd.x
iss / blackice_pc_protection	3.6cbd	3.6cbd.x
iss / blackice_server_protection	3.6cca	3.6cca.x
iss / blackice_pc_protection	3.6ccg	3.6ccg.x
iss / blackice_server_protection	3.6ccc	3.6ccc.x
iss / blackice_server_protection	3.6cbz	3.6cbz.x
iss / blackice_server_protection	3.6ccf	3.6ccf.x

Vulnerability Database

289,784

CVE-2004-1714