CVE-2005-2382 - Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the

CVE-2005-2382

Summary

Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality.

References

http://marc.info/?l=bugtraq&m=112190569628213&w=2
http://secunia.com/advisories/16124
http://secway.org/advisory/AD20050720EN.txt
http://www.securityfocus.com/bid/14330

Vulnerable Configurations

cpe:2.3:a:oray:peanuthull:3.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oray:peanuthull:3.0.1.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2016 - 03:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	14330
bugtraq	20050720 PeanutHull Local Privilege Escalation Vulnerability
misc	http://secway.org/advisory/AD20050720EN.txt
secunia	16124

Last major update

18-10-2016 - 03:26

Published

26-07-2005 - 04:00

Last modified

18-10-2016 - 03:26