CVE-2012-0315
Last modified
CVE-2012-0315 is a vulnerability of currently unknown severity. Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.. EPSS estimates a 2.23% chance of exploitation in the next 30 days.
Description
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Estsoft | Alftp | <= 5.1 | — |
| Estsoft | Alftp | 4.1 | — |
| Estsoft | Alftp | 5.0 | — |
| Estsoft | Alftp | 5.1 | Beta2 |
References
- http://jvn.jp/en/jp/JVN85695061/995223/index.htmlThird Party Advisory, VDB Entry
- http://jvn.jp/en/jp/JVN85695061/index.htmlThird Party Advisory, VDB Entry
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011Third Party Advisory, VDB Entry
- http://www.altools.jp/download.aspxBroken Link, Patch
- http://jvn.jp/en/jp/JVN85695061/995223/index.htmlThird Party Advisory, VDB Entry
- http://jvn.jp/en/jp/JVN85695061/index.htmlThird Party Advisory, VDB Entry
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011Third Party Advisory, VDB Entry
- http://www.altools.jp/download.aspxBroken Link, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-0315?
How severe is CVE-2012-0315?
How do I fix CVE-2012-0315?
Are you affected by CVE-2012-0315?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST