{"api_version":"1","generated_at":"2026-05-13T11:00:46+00:00","cve":"CVE-2005-2711","urls":{"html":"https://cve.report/CVE-2005-2711","api":"https://cve.report/api/cve/CVE-2005-2711.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-2711","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-2711"},"summary":{"title":"CVE-2005-2711","description":"ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the \"More Info\" button in the \"Application Protection\" dialog, which allows local users to execute arbitrary programs as SYSTEM.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://securitytracker.com/id?1015820","name":"http://securitytracker.com/id?1015820","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"RealSecure Desktop Help System Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403","name":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Accenture | Let there be change","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25423","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25423","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17218","name":"http://www.securityfocus.com/bid/17218","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/19327","name":"http://secunia.com/advisories/19327","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - ISS Products Application Protection Module Privilege Escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015821","name":"http://securitytracker.com/id?1015821","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BlackICE Help System Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/24096","name":"http://www.osvdb.org/24096","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/1090","name":"http://www.vupen.com/english/advisories/2006/1090","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-2711","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2711","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"2711","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"blackice_agent_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2711","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"blackice_pc_protection","cpe6":"3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2711","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"blackice_pc_protection","cpe6":"3.6cpu","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2711","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"blackice_server_protection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2711","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"realsecure_desktop","cpe6":"3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"2711","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iss","cpe5":"realsecure_desktop","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T22:45:02.167Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"17218","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17218"},{"name":"1015820","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015820"},{"name":"blackice-appprotection-privilege-escalation(25423)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25423"},{"name":"24096","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/24096"},{"name":"ADV-2006-1090","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/1090"},{"name":"20060323 ISS Multiple Products Local Privilege Escalation Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403"},{"name":"1015821","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015821"},{"name":"19327","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19327"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-03-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the \"More Info\" button in the \"Application Protection\" dialog, which allows local users to execute arbitrary programs as SYSTEM."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"17218","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17218"},{"name":"1015820","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015820"},{"name":"blackice-appprotection-privilege-escalation(25423)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25423"},{"name":"24096","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/24096"},{"name":"ADV-2006-1090","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/1090"},{"name":"20060323 ISS Multiple Products Local Privilege Escalation Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403"},{"name":"1015821","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015821"},{"name":"19327","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19327"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-2711","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the \"More Info\" button in the \"Application Protection\" dialog, which allows local users to execute arbitrary programs as SYSTEM."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"17218","refsource":"BID","url":"http://www.securityfocus.com/bid/17218"},{"name":"1015820","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015820"},{"name":"blackice-appprotection-privilege-escalation(25423)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25423"},{"name":"24096","refsource":"OSVDB","url":"http://www.osvdb.org/24096"},{"name":"ADV-2006-1090","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1090"},{"name":"20060323 ISS Multiple Products Local Privilege Escalation Vulnerability","refsource":"IDEFENSE","url":"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403"},{"name":"1015821","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015821"},{"name":"19327","refsource":"SECUNIA","url":"http://secunia.com/advisories/19327"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-2711","datePublished":"2006-03-24T02:00:00.000Z","dateReserved":"2005-08-26T00:00:00.000Z","dateUpdated":"2024-08-07T22:45:02.167Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iss:blackice_agent_server:*:*:*:*:*:*:*:*","matchCriteriaId":"15D811B9-6F92-4BEF-B502-7CBA79D90056"},{"vulnerable":true,"criteria":"cpe:2.3:a:iss:blackice_pc_protection:3.6:*:*:*:*:*:*:*","matchCriteriaId":"AE67F5C0-C165-446B-A67D-71876965F3EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:iss:blackice_pc_protection:3.6cpu:*:*:*:*:*:*:*","matchCriteriaId":"8EE7A456-FD11-4506-8015-677CDD8912D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:iss:blackice_server_protection:*:*:*:*:*:*:*:*","matchCriteriaId":"4DC89FBB-BC07-421F-BC6D-0582CFA98E16"},{"vulnerable":true,"criteria":"cpe:2.3:a:iss:realsecure_desktop:3.6:*:*:*:*:*:*:*","matchCriteriaId":"40DB2F47-5FF4-47AD-AD9B-CB665B1957FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:iss:realsecure_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"7EBD8328-8261-43DE-B90C-160CE823BE12"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"2711","Ordinal":"1","Title":"CVE-2005-2711","CVE":"CVE-2005-2711","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"2711","Ordinal":"1","NoteData":"ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the \"More Info\" button in the \"Application Protection\" dialog, which allows local users to execute arbitrary programs as SYSTEM.","Type":"Description","Title":"CVE-2005-2711"},{"CveYear":"2005","CveId":"2711","Ordinal":"2","NoteData":"2006-03-23","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"2711","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}