CVE-2004-2329

Name of the Vulnerable Software and Affected Versions: Kerio Personal Firewall version 2.1.5

Description: The issue allows local users to execute arbitrary code with SYSTEM privileges. This is possible due to the Load button in the Firewall Configuration Files option not dropping privileges before opening the file loading dialog box.

Recommendations: For Kerio Personal Firewall version 2.1.5, consider restricting access to the Firewall Configuration Files option until a patch is available. As a temporary workaround, avoid using the Load button in the Firewall Configuration Files option to minimize the risk of exploitation.