matousec.com

Advisory 2006-08-01.01

BlackICE DLL faking of run-time linked libraries Vulnerability

Basic information:


Release date: August 01, 2006

Last update: September 19, 2006

Severity: Critical

Character: Complete system control

Status: Unknown

Testing program: BTP00022P003BI.zip

Description:

BlackICE implements application component protection for privileged programs, but it fails to protect some of its own processes. Moreover, it does not protect the file 'pamversion.dll' in its own installation directory against the actions of other processes, so this DLL can be replaced with a fake library. The main BlackICE service 'blackd.exe' dynamically loads this library into its own process during the initialization of BlackICE after system start. Hence it is possible to inject the fake library into the BlackICE service and gain complete control of the protection system.
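A replaced run-time-loaded library like the one described above can be caught by comparing the DLLs in the service's installation directory against hashes recorded on a known-good install. The following is an added example, not part of the advisory or of any vendor tooling; the directory contents and file bytes are constructed, and the function names `snapshot`, `compare` and `demo` are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(install_dir):
    """Map each DLL name (lower-cased) in install_dir to its SHA-256 digest."""
    digests = {}
    for path in Path(install_dir).iterdir():
        if path.is_file() and path.suffix.lower() == ".dll":
            digests[path.name.lower()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Return (name, status) pairs for DLLs that differ from the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append((name, "missing"))
        elif name not in baseline:
            findings.append((name, "unexpected"))
        elif baseline[name] != current[name]:
            findings.append((name, "replaced"))
    return findings


def demo():
    """Constructed scenario: a stand-in install directory, not a real BlackICE layout."""
    with tempfile.TemporaryDirectory() as tmp:
        dll = Path(tmp) / "pamversion.dll"
        dll.write_bytes(b"constructed original library bytes")
        baseline = snapshot(tmp)  # taken on a known-good install
        clean = compare(baseline, snapshot(tmp))
        # Same length as the original, so a size check alone would miss the swap.
        dll.write_bytes(b"constructed replaced library bytes")
        (Path(tmp) / "extra.dll").write_bytes(b"constructed extra file")
        return clean, compare(baseline, snapshot(tmp))


if __name__ == "__main__":
    clean, changed = demo()
    print("clean install:", clean)
    print("after change :", changed)
```

Because the library is loaded during service initialization after system start, a comparison of this kind is most useful when the baseline is stored outside the monitored directory and the check runs before the service starts.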

Vulnerable software:

Events:

References: