CVE-2004-2329 - Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privile

CVE-2004-2329

Summary

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.

References

http://secunia.com/advisories/10746/
http://www.osvdb.org/3748
http://www.securityfocus.com/bid/9525
http://www.securitytracker.com/alerts/2004/Jan/1008870.html
http://www.tuneld.com/_images/other/kpf_system_privileges.png
http://www.tuneld.com/news/?id=30
https://exchange.xforce.ibmcloud.com/vulnerabilities/14981

Vulnerable Configurations

cpe:2.3:a:kerio:personal_firewall:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:2.1.5:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	9525
misc	http://www.tuneld.com/_images/other/kpf_system_privileges.png http://www.tuneld.com/news/?id=30
osvdb	3748
sectrack	1008870
secunia	10746
xf	kerio-pf-gain-privileges(14981)

Last major update

11-07-2017 - 01:31

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:31