Vulnerabilities > CVE-2006-3669 - Information Disclosure vulnerability in Mercury Messenger Users Directory

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

mercury-messenger

NVD

Published: 2006-07-18

Updated: 2018-10-18

Summary

Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users. Successful exploitation requires that the environment is a multi-user Mac OS X platform.

Vulnerable Configurations

Part	Description	Count
Application	Mercury_Messenger Mercury Messenger Mercury Messenger *	1

References

http://www.securityfocus.com/archive/1/440243/100/0/threaded
http://www.securityfocus.com/bid/19005
https://exchange.xforce.ibmcloud.com/vulnerabilities/27767