Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2597

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2597
Last Modified 05 Sep 2008 04:52:11
Published 17 Aug 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2597

Summary

AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program.

Vulnerable Systems

Application

  • Aol Client Software 9.0


References

BID - 14530

NTBUGTRAQ - 20050807 Eh? Oh well....Flaws in AOL software, and accountability. Patch available for one of the two.

XF - aol-subfolder-weak-security(24324)


Last Updated: 27 May 2016 10:40:34