Lucene search

[email protected]CVE-2006-0526

HistoryFeb 02, 2006 - 11:02 a.m.

CVE-2006-0526

2006-02-0211:02:00

[email protected]

web.nvd.nist.gov

america online

aol

client software

registry

dll

local users

privilege escalation

trojan horse

cve-2006-0526

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.7%

JSON

The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.

Affected configurations

NVD

Node

aolaol_client_softwareMatch8.0

aolaol_client_softwareMatch8.0plus

aolaol_client_softwareMatch9.0

aolaol_client_softwareMatch9.0optimized

aolaol_client_softwareMatch9.0security

CPENameOperatorVersion
aol:aol_client_softwareaol aol client softwareeq8.0
aol:aol_client_softwareaol aol client softwareeq9.0

CPE	Name	Operator	Version
aol:aol_client_software	aol aol client software	eq	8.0
aol:aol_client_software	aol aol client software	eq	9.0

References

www.cs.princeton.edu/~sudhakar/papers/winval.pdf

www.kb.cert.org/vuls/id/953860

www.securityfocus.com/archive/1/423587/100/0/threaded

www.securityfocus.com/bid/16453

exchange.xforce.ibmcloud.com/vulnerabilities/24498

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVE-2006-0526

prion1 nvd1 cvelist1