America Online insecure installation path permissions
| aol-subfolder-weak-security (24324) |  Medium Risk |
Description:
America Online could allow a local attacker to execute arbitrary commands on the system. Subfolders are created with Everyone access rights. A local attacker could exploit this vulnerability and execute arbitrary commands with elevated privileges.
Consequences:
Gain Privileges
Remedy:
No remedy available as of February 6, 2010.
References:
- AOL Web site: AOL.com - Welcome to America Online.
- BugTraq Mailing List, Sun Aug 07 2005 - 08:41:12 CDT: Flaws in AOL software, and accountability. Patch available for one of the two..
- BID-14530: AOL Client Software Local Privilege Escalation Vulnerability
- CVE-2005-2597: AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program.
Platforms Affected:
- AOL AOL 9.0
Reported:
Aug 07, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net