OSVDB ID: 27995

Title: AOL Directory Permission Weakness Local Privilege Escalation

Info

Disclosure

Aug 18, 2006

Discovery

Feb 09, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

AOL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to default permissions that grants 'Everyone' group 'Full Control' to the 'America Online 9.0' directory. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, AOL has released a patch to address this vulnerability.

Products

America Online, Inc.

AOL

9.0

References

Credit

  • Carsten Eiram -   -


Direct URL: http://osvdb.org/27995