CVE-2006-3999 (CNNVD-200608-074)
中文标题:
ISS BlackICE PC Protection 'pamversion.dll'BlackICE库安全特权漏洞
英文标题:
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor ...
漏洞描述
中文描述:
ISS BlackICE PC Protection 3.6.cpj,3.6.cpiE,可能还包括早期版本,没有对pamversion.dll BlackICE库的完整性进行正确监控,利用此漏洞,本地用户可通过替换pamversion.dll文件破坏BlackICE软件。注意:通常,攻击者不会超越特权界限,因为替换pamversion.dll需要管理员特权。然而,由于BlackICE软件抵御某些rogue特权操作,此问题便成为安全漏洞。
英文描述:
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| iss | blackice_pc_protection | 3.6cpie | - | - |
cpe:2.3:a:iss:blackice_pc_protection:3.6cpie:*:*:*:*:*:*:*
|
| iss | blackice_pc_protection | 3.6cpj | - | - |
cpe:2.3:a:iss:blackice_pc_protection:3.6cpj:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:L/AC:L/Au:N/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-3999 |
2025-11-11 15:17:44 | 2025-11-11 07:32:36 |
| NVD | nvd_CVE-2006-3999 |
2025-11-11 14:51:50 | 2025-11-11 07:41:21 |
| CNNVD | cnnvd_CNNVD-200608-074 |
2025-11-11 15:08:52 | 2025-11-11 07:49:09 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200608-074
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 4.6
- cvss_vector: NOT_EXTRACTED -> AV:L/AC:L/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']