ISS Customers, A third party, Secure Network Operations, has released an advisory for a local buffer overflow in BlackICE. You can access that advisory here: http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1145.html. This issue has been classified as low-severity by the ISS X-Force. It is only exploitable in limited cases that will not affect the vast majority of the BlackICE install-base. In order to leverage this to elevate privileges locally, an attacker would need to be already authenticated to the target machine or somehow be able to access the BlackICE GUI or configuration files. This issue is not remotely exploitable in and of itself, therefore, ISS X-Force does not consider this issue to be a major security risk.
Although the severity of this issue is considered low by X-Force, ISS has included a bug fix for this issue in its latest BlackICE update to address any potential concerns for our customers. Updates are available from the ISS website at: http://www.iss.net/download/. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
