Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0526

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-0526
Last Modified 05 Sep 2008 04:59:30
Published 02 Feb 2006 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0526

Summary

The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.

Vulnerable Systems

Application

  • Aol Client Software 8.0

  • Aol Client Software 9.0


References

CERT-VN - VU#953860

BID - 16453

BUGTRAQ - 20060131 Windows Access Control Demystified

MISC - http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

XF - aol-insecure-default-permissions(24498)


Last Updated: 27 May 2016 10:41:41