{"api_version":"1","generated_at":"2026-05-13T11:01:08+00:00","cve":"CVE-2004-2126","urls":{"html":"https://cve.report/CVE-2004-2126","api":"https://cve.report/api/cve/CVE-2004-2126.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-2126","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-2126"},"summary":{"title":"CVE-2004-2126","description":"The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/bid/9513","name":"http://www.securityfocus.com/bid/9513","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://marc.info/?l=bugtraq&m=107530966524193&w=2","name":"http://marc.info/?l=bugtraq&m=107530966524193&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-2126","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-2126","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"2126","vulnerable":"1","versionEndIncluding":"3.6cbz","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"blackice_pc_protection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:15:01.652Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"9513","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/9513"},{"name":"20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=107530966524193&w=2"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-01-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-10-17T13:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"9513","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/9513"},{"name":"20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=107530966524193&w=2"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-2126","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"9513","refsource":"BID","url":"http://www.securityfocus.com/bid/9513"},{"name":"20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=107530966524193&w=2"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-2126","datePublished":"2005-05-27T04:00:00.000Z","dateReserved":"2005-05-27T00:00:00.000Z","dateUpdated":"2024-08-08T01:15:01.652Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iss:blackice_pc_protection:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6cbz","matchCriteriaId":"FE8F68BC-CCD1-475C-96DF-FF684D5AE823"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"2126","Ordinal":"1","Title":"CVE-2004-2126","CVE":"CVE-2004-2126","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"2126","Ordinal":"1","NoteData":"The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.","Type":"Description","Title":"CVE-2004-2126"},{"CveYear":"2004","CveId":"2126","Ordinal":"2","NoteData":"2005-05-27","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"2126","Ordinal":"3","NoteData":"2016-10-17","Type":"Other","Title":"Modified"}]}}}