CVE-2007-0162 - Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) Application

CVE-2007-0162

Summary

Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.

References

Vulnerable Configurations

cpe:2.3:a:unsanity:application_enhancer:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:unsanity:application_enhancer:2.0.2:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bid	21951
misc	http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html http://projects.info-pull.com/moab/MOAB-08-01-2007.html
osvdb	32661
secunia	23649
xf	ape-appenhancer-privilege-escalation(31349)

Last major update

29-07-2017 - 01:30

Published

10-01-2007 - 00:28

Last modified

29-07-2017 - 01:30