PT-2006-4562 · Microsoft+3 · Windows+4

Published: 2006-07-19 · Updated: 2018-10-18 · CVE-2006-3697

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Agnitum Outpost Firewall Pro version 3.51.759.6511
Lavasoft Personal Firewall version 1.0.543.5722
Novell BorderManager Novell Client Firewall version 2.0

Description

The issue allows local users to gain privileges and execute commands. This can be achieved via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function, or by overwriting a batch file through the "Save Configuration As" option. It is noted that this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.

Recommendations

For Agnitum Outpost Firewall Pro version 3.51.759.6511, consider restricting user activities in application windows that run in a LocalSystem context until a patch is available.

For Lavasoft Personal Firewall version 1.0.543.5722, avoid using the "open folder" option and the "Save Configuration As" option to minimize the risk of exploitation.

For Novell BorderManager Novell Client Firewall version 2.0, restrict access to the "Save Configuration As" option to prevent batch file overwrites.

Related Identifiers

CVE-2006-3697

Affected Products

Agnitum Outpost Firewall Pro
Lavasoft Personal Firewall
Novell BorderManager Novell Client Firewall
Windows
explorer.exe