Info

Disclosure

Aug 18, 2006

Discovery

Feb 09, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

AOL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to default permissions that grants 'Everyone' group 'Full Control' to the 'America Online 9.0' directory. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, AOL has released a patch to address this vulnerability.

Products

America Online, Inc.

AOL

9.0

References

Security Tracker: 1016717
Secunia Advisory ID: 18734
CVE ID: 2006-0948 (see also: NVD)
SCIP VulDB ID: 2471
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0529.html
Vendor URL: http://downloads.channel.aol.com/windowsproducts
Other Advisory URL: http://secunia.com/secunia_research/2006-8/advisory/

Credit

Carsten Eiram - -

Direct URL: http://osvdb.org/27995