Full Disclosure mailing list archives

[Advisory] * =Thu Mar 16 14:11:36 EST 2006= * Local Privilege Escalation Vulnerability in AOL Client Software

From: Arjan van der Velde <dj_noresult () xs4all nl>
Date: Thu, 16 Mar 2006 19:11:39 +0000 (GMT)




[Advisory] * =Thu Mar 16 14:11:36 EST 2006= * Local Privilege Escalation Vulnerability in AOL Client Software




========
I. DESCRIPTION
AOL Client Software incorrectly validates user input, making privilege escalation possible.

========
II. HISTORY
6-1-2006 - Vendor Notification.
10-2-2006 - Vendor Reply.
16-3-2006 - Public Disclosure.
========
III. WORKAROUND
There are no workarounds.
========
IV. VENDOR RESPONSE
AOL Client Software has extended no identified explanation.
========
V. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-113593 to this issue

========
APPENDIX A VENDOR INFORMATION
http://www.aol.com

========
APPENDIX B REFERENCES
RFC 8961

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[Advisory] * =Thu Mar 16 14:11:36 EST 2006= * Local Privilege Escalation Vulnerability in AOL Client Software Arjan van der Velde (Mar 16)