Security firm ISS has released a high-risk advisory warning of a denial of service (DoS) vulnerability in its BlackIce firewall software.
Although ISS has acknowledged the vulnerability as a DoS problem, security watcher eEye, among others, has suggested that the hole "is not simply a DoS attack. If you're running a vulnerable version of BlackIce then you're vulnerable to a remote kernel level compromise in which remote attacks can execute arbitrary code."
The vulnerability allows for a DoS attack that could result in BlackIce crashing and/or blue screening.
eEye added: "The BlackIce buffer overflow exposes a significant flaw that will allow an attacker to execute code within the kernel context.
"Our testing has shown that we have a significant amount of space to work with in our payload, allowing a large number of exploit scenarios. This can include, but is not limited to, 'Trojaning' the NT kernel."
Systems affected include BlackIce Defender and Server 2.9, Agent for workstation and server 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5.
A patch and more info, released by ISS, can be found on the ISS site, www.iss.net.