LetterMerger Database Local Information Disclosure

2006-03-02T09:02:33
ID OSVDB:23599
Type osvdb
Reporter Yog(), KeyShore()
Modified 2006-03-02T09:02:33

Description

Vulnerability Description

LetterMerger contains a flaw that may lead to an unauthorized information disclosure. The issue is due to user supplied information being stored with insecure permissions in Microsoft Access database files.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

LetterMerger contains a flaw that may lead to an unauthorized information disclosure. The issue is due to user supplied information being stored with insecure permissions in Microsoft Access database files.

References:

Vendor URL: http://www.peterssoftware.com/lm.htm Secunia Advisory ID:19074 CVE-2006-1011 Bugtraq ID: 16917