| ID |
CVE-2006-0948
|
| Summary |
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. AOL has released fixes to address this issue. These fixes can be automatically applied by logging in to the service. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.2 (as of 18-10-2018 - 16:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 19583 | | bugtraq | 20060818 Secunia Research: AOL Insecure Default Directory Permissions | | misc | http://secunia.com/secunia_research/2006-08 | | osvdb | 27995 | | sectrack | 1016717 | | secunia | 18734 | | sreason | 1416 | | vupen | ADV-2006-3317 | | xf | aol-default-insecure-permissions(28445) |
|
| Last major update |
18-10-2018 - 16:29 |
| Published |
21-08-2006 - 18:04 |
| Last modified |
18-10-2018 - 16:29 |
