CVE-2006-5968 | Vulnerability Database | Aqua Security

MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemonAPP folder, which is an untrusted search path element due to insecure permissions.

Affected Software

Name	Vendor	Start Version	End Version
Mdaemon	Alt-n	9.0.5 (including)	9.0.5 (including)
Mdaemon	Alt-n	9.0.6 (including)	9.0.6 (including)
Mdaemon	Alt-n	9.51 (including)	9.51 (including)
Mdaemon	Alt-n	9.53 (including)	9.53 (including)

References

http://secunia.com/advisories/21554
http://secunia.com/secunia_research/2006-67/advisory/
http://securityreason.com/securityalert/1890
http://securitytracker.com/id?1017238
http://www.securityfocus.com/archive/1/451821/100/100/threaded
http://www.vupen.com/english/advisories/2006/4538
https://exchange.xforce.ibmcloud.com/vulnerabilities/30331
http://secunia.com/advisories/21554
http://secunia.com/secunia_research/2006-67/advisory/
http://securityreason.com/securityalert/1890
http://securitytracker.com/id?1017238
http://www.securityfocus.com/archive/1/451821/100/100/threaded
http://www.vupen.com/english/advisories/2006/4538
https://exchange.xforce.ibmcloud.com/vulnerabilities/30331

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5968
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html