Advisory 2006-08-01.01
BlackICE DLL faking of run-time linked libraries Vulnerability
Basic information:

Release date: August 01, 2006

Last update: August 15, 2006

Type: Incomplete design implementation bugs

Character: Complete system control

Status: Unpatched bugs

Risk: Critical bugs

Exploitability: Locally exploitable bugs

Discoverability: Medium discoverable bugs

Testing program: BTP00022P003BI.zip
Description:

BlackICE implements application component protection for privileged programs but it fails to protect some of its own processes. Moreover, it does not protect file 'pamversion.dll' in its own installation directory against actions of other processes. It is possible to replace this DLL with a fake library. The main BlackICE service 'blackd.exe' dynamically loads this library into its own process during the initialization of BlackICE after the system start. Hence it is possible to inject the fake library into the BlackICE service and gain a complete control of the protection system.
Vulnerable software:

    * BlackICE PC Protection 3.6.cpj
    * BlackICE PC Protection 3.6.cpiE
    * probably all older versions

Events:

    * 2006-08-04: Candidate for inclusion in the CVE list
    * 2006-08-04: Vulnerability confirmed by popular information sources
    * 2006-08-01: Advisory released
    * 2006-08-01: Vendor notification