• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability

Multiple Internet Security Systems (ISS) products are susceptible to a local privilege-escalation vulnerability. This issue is due to the application's failure to properly lower the privileges of the running process when required.

Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens the help browser from the affected application, it runs with the same elevated privileges as the calling application.

This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.