CVE-2006-3999

Published: Aug 5, 2006Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.

Affected (2)

Products: Iss: Blackice Pc Protection

1 product

Blackice Pc Protection

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Iss Blackice Pc Protection	Version 3.6cpie
Iss Blackice Pc Protection	Version 3.6cpj

References (6)

http://securityreason.com/securityalert/1338

Source: cve@mitre.org

http://securitytracker.com/id?1016618

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/441829/100/0/threaded

Source: cve@mitre.org

http://securityreason.com/securityalert/1338

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016618

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/441829/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.