Description
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matousec Transparent security · textlocalmultiple
https://www.exploit-db.com/exploits/28817
References (7)
Core 7
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0298.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2361
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20546
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/30901
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448763/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29575
Various Sources x_refsource_misc
http://www.matousec.com/info/advisories/BlackICE-Filelock-protection-bypass.php
Scores
EPSS
0.0013
EPSS Percentile
32.7%
Details
Status
published
Products (2)
iss/blackice_pc_protection
3.6cpj
iss/blackice_pc_protection
3.6cpu
Published
Mar 06, 2007
Tracked Since
Feb 18, 2026