AOL Directory Permission Weakness Local Privilege Escalation

2006-08-18T07:19:06
ID OSVDB:27995
Type osvdb
Reporter Carsten Eiram()
Modified 2006-08-18T07:19:06

Description

Vulnerability Description

AOL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to default permissions that grants 'Everyone' group 'Full Control' to the 'America Online 9.0' directory. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, AOL has released a patch to address this vulnerability.

Short Description

AOL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to default permissions that grants 'Everyone' group 'Full Control' to the 'America Online 9.0' directory. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://downloads.channel.aol.com/windowsproducts Security Tracker: 1016717 Secunia Advisory ID:18734 Other Advisory URL: http://secunia.com/secunia_research/2006-8/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0529.html CVE-2006-0948