PT-2007-1407 · ISS · BlackICE PC Protection
Published: 2007-03-06 · Updated: 2018-10-16 · CVE-2006-7129
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ISS BlackICE PC Protection versions 3.6 and possibly earlier
Description
The issue allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical file filelock.txt, which stores information about protected files.
Recommendations
For ISS BlackICE PC Protection version 3.6 and possibly earlier, consider restricting access to the ZwDeleteFile API function to prevent deletion of the filelock.txt file until a patch is available. As a temporary workaround, monitor the filelock.txt file for unauthorized modifications.
Affected Products
BlackICE PC Protection