CVE-2004-1714

HIGH

BlackICE PC and Server Protection - Incorrect Permission Assignment for Critical Resource

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1714. PoCs published by Paul Craig.

AI-analyzed exploit summary The exploit describes a local buffer overflow vulnerability in BlackICE PC Protection when parsing excessive input in the firewall.ini file. The vulnerability causes the blackice.exe and blackd.exe executables to crash upon system restart.

Description

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Paul Craig · textdoswindows
https://www.exploit-db.com/exploits/24362

The exploit describes a local buffer overflow vulnerability in BlackICE PC Protection when parsing excessive input in the firewall.ini file. The vulnerability causes the blackice.exe and blackd.exe executables to crash upon system restart.

Classification
Writeup 80%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: BlackICE PC Protection
No auth needed
Prerequisites: Local access to modify the firewall.ini file · System restart to trigger the vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Not Applicable mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10915
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109223751031166&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16959

Scores

CVSS v3 7.1
EPSS 0.0085
EPSS Percentile 53.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-732
Status published
Products (21)
iss/blackice_pc_protection 3.6cbd
iss/blackice_pc_protection 3.6cbr
iss/blackice_pc_protection 3.6cbz
iss/blackice_pc_protection 3.6cca
iss/blackice_pc_protection 3.6ccb
iss/blackice_pc_protection 3.6ccc
iss/blackice_pc_protection 3.6ccd
iss/blackice_pc_protection 3.6cce
iss/blackice_pc_protection 3.6ccf
iss/blackice_pc_protection 3.6ccg
... and 11 more
Published Aug 11, 2004
Tracked Since Feb 18, 2026