Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1125

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-1125
Last Modified 07 Mar 2011 09:32:06
Published 09 Mar 2006 04:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1125

Summary

Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges.

Vulnerable Systems

Application

  • Grisoft Avg Antivirus 7.0

  • Grisoft Avg Antivirus 7.0.251

  • Grisoft Avg Antivirus 7.0.323

  • Grisoft Avg Antivirus 7.1.308


References

BID - 16952

SECUNIA - 19118

VUPEN - ADV-2006-0845

MISC - http://www.dslreports.com/forum/remark,15601404

SECTRACK - 1015728

XF - avg-update-gain-privilieges(25139)

BUGTRAQ - 20060303 AVG 7 granting Everyone Full Control to updated files... even its drivers


Last Updated: 27 May 2016 10:41:56