Lucene search

[email protected]CVE-2005-2597

HistoryAug 17, 2005 - 4:00 a.m.

CVE-2005-2597

2005-08-1704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

aol

client software

installation path

insecure permissions

local privilege escalation

vulnerability

nvd

cve-2005-2597

8.1 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program.

CPENameOperatorVersion
aol:aol_client_softwareaol aol client softwareeq9.0

CPE	Name	Operator	Version
aol:aol_client_software	aol aol client software	eq	9.0

References

archives.neohapsis.com/archives/ntbugtraq/2005-08/0009.html

www.securityfocus.com/bid/14530

exchange.xforce.ibmcloud.com/vulnerabilities/24324

8.1 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON