[Advisory] * =Thu Mar 16 14:11:36 EST 2006= * Local Privilege Escalation Vulnerability in AOL Client Software ======== I. DESCRIPTION AOL Client Software incorrectly validates user input, making privilege escalation possible. ======== II. HISTORY 6-1-2006 - Vendor Notification. 10-2-2006 - Vendor Reply. 16-3-2006 - Public Disclosure. ======== III. WORKAROUND There are no workarounds. ======== IV. VENDOR RESPONSE AOL Client Software has extended no identified explanation. ======== V. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-113593 to this issue ======== APPENDIX A VENDOR INFORMATION http://www.aol.com ======== APPENDIX B REFERENCES RFC 8961 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
