ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.
Mirabilis ICQLite Home Directory Permission Weakness Privilege Escalation
Local Access Required
Loss of Integrity
Mirabilis ICQLite contains a flaw that may allow a malicious local user to overwrite or delete files in the ICQLite folder. The issue exists because ICQLite adds the Interactive Users group with Full Control to the ACL of the ICQLite program folder. It is possible that the flaw may result in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Modify the ACL for the ICQLite program folder to something more restrictive such as Read.
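One way to apply the workaround above, as an added example that is not part of the original advisory: the script reports write-capable ACEs held by the Interactive group on the program folder and its contents, and with `-Fix` replaces the explicit ones with read-only access. The install path is a placeholder because the advisory does not state it, and the choice of ReadAndExecute rather than plain Read is an assumption.

```powershell
# Added example. The install path is a placeholder: the advisory does not state it.
param(
    [string]$Path = 'C:\Program Files\ICQLite',  # assumption, pass the real folder
    [switch]$Fix
)
$interactiveSid = 'S-1-5-4'   # well-known SID of NT AUTHORITY\INTERACTIVE
$fsr = [System.Security.AccessControl.FileSystemRights]
# Rights that let a user replace or delete program files, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits that can appear on inherit-only ACEs.
$writeMask = [int]($fsr::Write -bor $fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Get-WeakAce([string]$Item) {
    $acl = Get-Acl -LiteralPath $Item
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $interactiveSid -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $writeMask) -ne 0)
        }
}

# Audit the folder itself and everything below it.
$items = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object FullName)
$findings = foreach ($item in $items) {
    foreach ($ace in @(Get-WeakAce $item)) {
        [pscustomobject]@{ Path = $item; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}
$findings | Format-Table -AutoSize

if ($Fix) {
    # Remove the explicit write-capable ACEs, then grant read-only access.
    # ReadAndExecute is used instead of plain Read so the program still starts.
    foreach ($item in ($findings | Where-Object { -not $_.Inherited } | Select-Object -ExpandProperty Path -Unique)) {
        $acl = Get-Acl -LiteralPath $item
        foreach ($ace in @(Get-WeakAce $item | Where-Object { -not $_.IsInherited })) {
            [void]$acl.RemoveAccessRuleSpecific($ace)
        }
        $inherit = if (Test-Path -LiteralPath $item -PathType Container) { 'ContainerInherit,ObjectInherit' } else { 'None' }
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($interactiveSid)
        $read = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'ReadAndExecute', $inherit, 'None', 'Allow')
        $acl.AddAccessRule($read)
        Set-Acl -LiteralPath $item -AclObject $acl
    }
}
```

Inherited entries are reported but not changed; they disappear from child items once the explicit ACE on the parent folder is corrected.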