CVE-2012-5378 in ActiveTclالمعلومات

الملخص

بحسب MITRE

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

11/10/2012

إفشاء

11/10/2012

الاعتدال

تمت الموافقة

إدخال

VDB-62680

CPE

جاهز

CWE

CWE-426 (مؤكد)

استغلال

تحميل

CVSS

6.0 (NVD)

EPSS

0.00252

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-5378
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5378
CVE Details	https://www.cvedetails.com/cve/CVE-2012-5378/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!