CVE-2004-2329

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2329
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
kerio / personal_firewall	2.1.5	2.1.5.x

http://secunia.com/advisories/10746/
http://www.osvdb.org/3748
http://www.securityfocus.com/bid/9525
http://www.securitytracker.com/alerts/2004/Jan/1008870.html
http://www.tuneld.com/_images/other/kpf_system_privileges.png
http://www.tuneld.com/news/?id=30
https://exchange.xforce.ibmcloud.com/vulnerabilities/14981

Vulnerability Database

289,871

CVE-2004-2329