CVE-2006-0526 - The default configuration of the America Online (AOL) client software allows all users to modify a c

CVE-2006-0526

Summary

The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.

References

Vulnerable Configurations

cpe:2.3:a:aol:aol_client_software:8.0:*:*:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:8.0:*:*:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:8.0:*:plus:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:8.0:*:plus:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:9.0:*:*:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:9.0:*:*:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:9.0:*:optimized:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:9.0:*:optimized:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:9.0:*:security:*:*:*:*:*
cpe:2.3:a:aol:aol_client_software:9.0:*:security:*:*:*:*:*

CVSS

Base:	7.2 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	16453
bugtraq	20060131 Windows Access Control Demystified
cert-vn	VU#953860
misc	http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
xf	aol-insecure-default-permissions(24498)

Last major update

19-10-2018 - 15:45

Published

02-02-2006 - 11:02

Last modified

19-10-2018 - 15:45