PT-2006-5737 · Perl Foundation+3 · Perl+3

Thierry Zoller · Published 2006-09-26 · Updated 2025-04-09 · CVE-2006-4994

CVSS v2.0 · 4.6 · Medium · Vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Apache Friends XAMPP version 1.5.2

Description

The issue concerns unquoted Windows search path vulnerabilities in XAMPP. Local users could gain privileges by placing a malicious program file in %SYSTEMDRIVE%, which would be executed when XAMPP attempts to run certain executables, including FileZillaServer.exe, mysqld-nt.exe, Perl.exe, or xamppcontrol.exe, because the "Program Files" pathname is unquoted.

Recommendations

For Apache Friends XAMPP version 1.5.2, consider quoting the "Program Files" pathname to prevent malicious programs from being executed. As a temporary workaround, restrict access to the executables FileZillaServer.exe, mysqld-nt.exe, Perl.exe, and xamppcontrol.exe to minimize the risk of exploitation.
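Audit example (added here, not part of the advisory or of XAMPP): a Python check that flags unquoted launch commands and lists the shorter paths Windows resolves before the intended executable, so those locations can be checked for unexpected files. The sample commands and the install directory under "Program Files" are constructed assumptions; the advisory gives only the executable names.

```python
import re

# Constructed sample launch commands (assumed install paths, not from the advisory).
SAMPLE_COMMANDS = [
    r'C:\Program Files\xampp\mysql\bin\mysqld-nt.exe --standalone',
    r'"C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe"',
    r'C:\xampp\perl\bin\Perl.exe script.pl',
]

# End of the executable token: ".exe" followed by whitespace or end of string.
EXE_END = re.compile(r'\.exe(?=\s|$)', re.IGNORECASE)


def executable_part(command):
    """Return the command up to and including the first '.exe' token."""
    match = EXE_END.search(command)
    return command[:match.end()] if match else command


def ambiguous_candidates(command):
    """List the paths Windows tries first for an unquoted command line.

    With no quotes, each space in the executable path is a possible end of
    the program name, so 'C:\\Program Files\\...' is first tried as
    'C:\\Program.exe'. Returns [] for quoted commands or paths without spaces.
    """
    command = command.strip()
    if command.startswith('"'):
        return []
    path = executable_part(command)
    return [path[:i] + '.exe' for i, ch in enumerate(path) if ch == ' ']


def audit(commands):
    """Map each risky command to the file locations that should not exist."""
    report = {}
    for command in commands:
        candidates = ambiguous_candidates(command)
        if candidates:
            report[command] = candidates
    return report


if __name__ == '__main__':
    for command, candidates in audit(SAMPLE_COMMANDS).items():
        print('UNQUOTED:', command)
        for candidate in candidates:
            print('  verify absent and not user-writable:', candidate)
```

Any command the audit reports should be rewritten with the full executable path in double quotes, which is the fix the recommendation describes.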

Fix

Related Identifiers

CVE-2006-4994

Affected Products

Filezilla Server
Mysql Server
Perl
Xampp