Advisory 2006-08-01.01

BlackICE DLL faking of run-time linked libraries Vulnerability

Basic information:

Description:

BlackICE implements application component protection for privileged programs but it fails to protect some of its own processes. Moreover, it does not protect file 'pamversion.dll' in its own installation directory against actions of other processes. It is possible to replace this DLL with a fake library. The main BlackICE service 'blackd.exe' dynamically loads this library into its own process during the initialization of BlackICE after the system start. Hence it is possible to inject the fake library into the BlackICE service and gain a complete control of the protection system.

Vulnerable software:

• BlackICE PC Protection 3.6.cpj
• BlackICE PC Protection 3.6.cpiE
• Proventia Desktop 8.0
• Proventia Server - any version
• RealSecure Desktop 7.0
• probably all versions of BlackICE PC Protection 3.6
• possibly older versions of BlackICE PC Protection

Events:

• 2006-08-04: Candidate for inclusion in the CVE list
• 2006-08-04: Vulnerability confirmed by popular information sources
• 2006-08-01: Advisory released
• 2006-08-01: Vendor notification

References:

• Internet Security Systems - X-Force Database
• Packet Storm Security Advisory
• National Vulnerability Database
• Common Vulnerabilities and Exposures
• Security alert on SecurityReason
• ISS BlackICE PC Protection

valid HTML 4.01 · valid CSS 2 · optimized for you · design by martina · powered by jan · generated on March 11, 2010