CVE-2001-1375

Name of the Vulnerable Software and Affected Versions tcl/tk package (tcltk) version 8.3.1 tcltk-8.3.3 tclx-8.3 tcllib-1.0 tcl-8.3.3

Description The issue allows local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. Multiple vulnerabilities in the tcltk package could lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally.

Recommendations For tcl/tk package (tcltk) version 8.3.1, consider updating to a version where the library search path prioritizes system directories over the current working directory. For tcltk-8.3.3, tclx-8.3, tcllib-1.0, and tcl-8.3.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.