Credit:
The information has been provided by Carsten Eiram.
The original article can be found at: http://secunia.com/secunia_research/2006-08/
Vulnerable Systems:
* AOL version 9.0 Security Edition revision 4184.2340
Solution:
The vendor has issued an updated version (see the vendor statement).
Vendor Statement:
Overview
AOL has recently been made aware of a local security vulnerability in the AOL client software. Upon installation, folders containing the AOL software retain local file permissions such that any local user may be able to overwrite files within the AOL program directories. A malicious user may be able to overwrite legitimate AOL software with malicious code, thereby escalating their local privileges if a privileged user were to unknowingly execute the user's software.
Affected Products and Applications
The following AOL software versions are affected by this issue:
* All versions of the AOL client
Solutions
1. AOL Members using AOL 9.0 may simply log on to AOL and a fix will be seamlessly applied to their system.
2. AOL Members using earlier versions of the AOL client are recommended to upgrade to AOL 9.0 Security Edition.
Acknowledgements
AOL would like to thank Secunia for their assistance in responsibly addressing this issue.
CVE Information:
CVE-2006-0948
Time Table:
09/02/2006 - Vendor notified.
09/02/2006 - Vendor response.
18/08/2006 - Public disclosure.
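
Audit example:
The vendor statement describes program folders whose permissions let any local user overwrite files. The PowerShell script below is an added example, not part of the advisory or of AOL's fix; it lists allow entries on a program directory that give broad local groups write-type rights. The directory path is a placeholder (the advisory does not give the install folder), and the function name, the set of groups and the set of rights checked are assumptions made for this example.

```powershell
# Added example: report ACL entries that let low-privilege local groups
# modify files under a program directory (the condition the advisory describes).
param(
    # Assumption: placeholder path; the advisory does not state the install folder.
    [string]$ProgramDir = 'C:\PLACEHOLDER\ProgramFolder'
)

# Well-known SIDs of broad, low-privilege principals (language independent).
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Rights that allow replacing or altering a file, or changing its ACL or owner.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inheritable entries can carry raw generic bits instead of specific rights.
$genericMask = 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

function Find-WeakAce {
    param([string]$Path)
    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # unreadable ACL: skip rather than abort
        # Resolve trustees to SIDs so localized group names do not matter.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
            $rights = [int]$ace.FileSystemRights
            if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Find-WeakAce -Path $ProgramDir | Format-Table -AutoSize
```

An empty result means none of the listed groups holds write-type rights on the directory tree; any row names a file or folder that a non-administrative user could modify.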