Default Configuration of Internet Connection Firewall in Windows XP SP2 Allows Bypassing of Access Controls

Default Configuration of Internet Connection Firewall in Windows XP SP2 Allows Bypassing of Access Controls

CVE-2004-2176 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.

Learn more about our User Device Pen Test.