CVE-2006-1355 - avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in

CVE-2006-1355

Summary

avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.

References

http://forum.avast.com/index.php?topic=19862.0
http://secunia.com/advisories/19284
http://www.dslreports.com/forum/remark,15601404~days=9999~start=20
http://www.securityfocus.com/bid/17158
http://www.vupen.com/english/advisories/2006/1011
https://exchange.xforce.ibmcloud.com/vulnerabilities/25336

Vulnerable Configurations

cpe:2.3:a:alwil:avast_antivirus:*:*:*:*:*:*:*:*
cpe:2.3:a:alwil:avast_antivirus:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	17158
confirm	http://forum.avast.com/index.php?topic=19862.0
misc	http://www.dslreports.com/forum/remark,15601404~days=9999~start=20
secunia	19284
vupen	ADV-2006-1011
xf	avast-default-insecure-permissions(25336)

Last major update

20-07-2017 - 01:30

Published

22-03-2006 - 02:02

Last modified

20-07-2017 - 01:30