CVE-2006-5968

2006-11-17T22:07:00
ID CVE-2006-5968
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:46:00

Description

MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.