Vulnerabilities > CVE-2006-0948 - Local Privilege Escalation vulnerability in AOL 9.04184.2340

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

aol

NVD

Published: 2006-08-21

Updated: 2018-10-18

Summary

AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. AOL has released fixes to address this issue. These fixes can be automatically applied by logging in to the service.

Vulnerable Configurations

Part	Description	Count
Application	Aol AOL AOL 9.0_4184.2340	1

References

http://secunia.com/advisories/18734
http://secunia.com/secunia_research/2006-08
http://securityreason.com/securityalert/1416
http://securitytracker.com/id?1016717
http://www.osvdb.org/27995
http://www.securityfocus.com/archive/1/443622/100/0/threaded
http://www.securityfocus.com/bid/19583
http://www.vupen.com/english/advisories/2006/3317
https://exchange.xforce.ibmcloud.com/vulnerabilities/28445