ISS BlackICE and RealSecure Desktop packages contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user resets a help dialog file mask and will permit a user to execute arbitrary code with the system level privileges. This flaw may lead to a loss of confidentiality or integrity.

Upgrade to Proventia Desktop or Server, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015820 1015821
• Bugtraq ID: 17218
• Secunia Advisory ID: 19327
• CVE ID: 2005-2711 (see also: NVD)
• SCIP VulDB ID: 2109
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1493.html
• Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403
• Vendor URL: http://www.iss.net/products_services/products.php

• Anonymous - iDefense Labs VCP