Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability

Bugtraq ID:	17218
Class:	Design Error
CVE:	CVE-2005-2711
Remote:	No
Local:	Yes
Published:	Mar 23 2006 12:00AM
Updated:	Jul 12 2009 05:56PM
Credit:	Discovery is credited to an anonymous source.
Vulnerable:	Internet Security Systems RealSecure Desktop 7.0 ebm Internet Security Systems RealSecure Desktop 7.0 ebl Internet Security Systems RealSecure Desktop 7.0 ebk Internet Security Systems RealSecure Desktop 7.0 ebj Internet Security Systems RealSecure Desktop 7.0 ebh Internet Security Systems RealSecure Desktop 7.0 ebg Internet Security Systems RealSecure Desktop 7.0 ebf Internet Security Systems RealSecure Desktop 7.0 eba Internet Security Systems RealSecure Desktop 3.6 ecg Internet Security Systems RealSecure Desktop 3.6 ecf Internet Security Systems RealSecure Desktop 3.6 ece Internet Security Systems RealSecure Desktop 3.6 ecd Internet Security Systems RealSecure Desktop 3.6 ecb Internet Security Systems RealSecure Desktop 3.6 eca Internet Security Systems RealSecure Desktop 3.6 ebz Internet Security Systems RealSecure Desktop 3.6 ebr Internet Security Systems BlackIce Server Protection 3.6 coq Internet Security Systems BlackIce Server Protection 3.6 cop Internet Security Systems BlackIce Server Protection 3.6 coo Internet Security Systems BlackIce Server Protection 3.6 con Internet Security Systems BlackIce Server Protection 3.6 com Internet Security Systems BlackIce Server Protection 3.6 col Internet Security Systems BlackIce Server Protection 3.6 cok Internet Security Systems BlackIce Server Protection 3.6 coj Internet Security Systems BlackIce Server Protection 3.6 coi Internet Security Systems BlackIce Server Protection 3.6 coh Internet Security Systems BlackIce Server Protection 3.6 cog Internet Security Systems BlackIce Server Protection 3.6 cof Internet Security Systems BlackIce Server Protection 3.6 coe Internet Security Systems BlackIce Server Protection 3.6 cod Internet Security Systems BlackIce Server Protection 3.6 coc Internet Security Systems BlackIce Server Protection 3.6 cob Internet Security Systems BlackIce Server Protection 3.6 coa Internet Security Systems BlackIce Server Protection 3.6 cch Internet Security Systems BlackIce Server Protection 3.6 ccg Internet Security Systems BlackIce Server Protection 3.6 ccf Internet Security Systems BlackIce Server Protection 3.6 cce Internet Security Systems BlackIce Server Protection 3.6 ccd Internet Security Systems BlackIce Server Protection 3.6 ccc Internet Security Systems BlackIce Server Protection 3.6 ccb Internet Security Systems BlackIce Server Protection 3.6 cca Internet Security Systems BlackIce Server Protection 3.6 cbz Internet Security Systems BlackIce Server Protection 3.6 cbr Internet Security Systems BlackIce Server Protection 3.6 .cno Internet Security Systems BlackIce Server Protection 3.5 cdf Internet Security Systems BlackICE PC Protection 3.6 cch Internet Security Systems BlackICE PC Protection 3.6 ccg Internet Security Systems BlackICE PC Protection 3.6 ccf Internet Security Systems BlackICE PC Protection 3.6 cce Internet Security Systems BlackICE PC Protection 3.6 ccd Internet Security Systems BlackICE PC Protection 3.6 ccc Internet Security Systems BlackICE PC Protection 3.6 ccb Internet Security Systems BlackICE PC Protection 3.6 cca Internet Security Systems BlackICE PC Protection 3.6 cbz Internet Security Systems BlackICE PC Protection 3.6 cbr Internet Security Systems BlackICE PC Protection 3.6 cbd Internet Security Systems BlackICE PC Protection 3.6 .cno Internet Security Systems BlackICE PC Protection 3.6 .cbz Internet Security Systems BlackICE Agent for Server 3.6 ecg Internet Security Systems BlackICE Agent for Server 3.6 ecf Internet Security Systems BlackICE Agent for Server 3.6 ece Internet Security Systems BlackICE Agent for Server 3.6 ecd Internet Security Systems BlackICE Agent for Server 3.6 ecc Internet Security Systems BlackICE Agent for Server 3.6 ecb Internet Security Systems BlackICE Agent for Server 3.6 eca Internet Security Systems BlackICE Agent for Server 3.6 ebz
Not Vulnerable:	Internet Security Systems Proventia Server 0 Internet Security Systems Proventia Desktop 0

Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability

Multiple Internet Security Systems (ISS) products are susceptible to a local privilege-escalation vulnerability. This issue is due to the application's failure to properly lower the privileges of the running process when required.

Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens the help browser from the affected application, it runs with the same elevated privileges as the calling application.

This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.

Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability

This issue can be exploited through the interface of the affected products.

Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability

Solution:
Proventia Desktop and Server products are free updates that serve as replacements for the affected products. Reportedly, these products are not affected by this issue. Symantec has not confirmed that these products are not affected.

Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability

References:

• BlackICE Homepage (Internet Security Systems)
  
• iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escal (labs-no-reply )