CVE-2006-3999

ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.

Published: Aug 5, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3999
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
iss / blackice_pc_protection	3.6cpie	3.6cpie.x
iss / blackice_pc_protection	3.6cpj	3.6cpj.x

http://securityreason.com/securityalert/1338
http://securitytracker.com/id?1016618
http://www.securityfocus.com/archive/1/441829/100/0/threaded

Vulnerability Database

289,784

CVE-2006-3999