CVE-2012-0315

Опубликовано: 22 фев. 2012

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.

Комментарий

Per: http://cwe.mitre.org/data/definitions/426.html

'CWE-426: Untrusted Search Path'

Ссылки

http://jvn.jp/en/jp/JVN85695061/995223/index.html
Third Party Advisory
VDB Entry
http://jvn.jp/en/jp/JVN85695061/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011
Third Party Advisory
VDB Entry
http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118
Broken Link
http://www.altools.jp/download.aspx
Broken Link
Patch
http://jvn.jp/en/jp/JVN85695061/995223/index.html
Third Party Advisory
VDB Entry
http://jvn.jp/en/jp/JVN85695061/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011
Third Party Advisory
VDB Entry
http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118
Broken Link
http://www.altools.jp/download.aspx
Broken Link
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:estsoft:alftp:*:*:*:*:*:*:*:*

Версия до 5.1 (включая)

cpe:2.3:a:estsoft:alftp:4.1:*:*:*:*:*:*:*

cpe:2.3:a:estsoft:alftp:4.1:beta2:*:*:*:*:*:*

cpe:2.3:a:estsoft:alftp:4.1:beta2:*:en:*:*:*:*

cpe:2.3:a:estsoft:alftp:5.0:*:*:*:*:*:*:*

cpe:2.3:a:estsoft:alftp:5.1:beta2:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00558

Низкий

9.3 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vc52-47rr-w6j9

github

почти 4 года назад