PT-2012-5961 · Activestate · Activepython

Published 2012-10-11 · Updated 2025-01-16 · CVE-2012-5379

CVSS v3.1: 7.3 High
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ActivePython version 3.2.2.3

Description: The installation functionality in ActivePython has an untrusted search path vulnerability. It might allow local users to gain privileges via a Trojan horse DLL placed in the C:\Python27 or C:\Python27\Scripts directory, which an administrator may have added to the PATH system environment variable. The issue is demonstrated with a Trojan horse wlbsctrl.dll file, a library loaded by the "IKE and AuthIP IPsec Keying Modules" system service in various Windows versions.

Recommendations: For ActivePython version 3.2.2.3, consider not using the installation functionality that places the product in the top-level C:\ directory, to minimize the risk of exploitation. Restrict access to the C:\Python27 and C:\Python27\Scripts directories so that a Trojan horse DLL cannot be planted in a directory that is on the PATH system environment variable. As a temporary workaround, avoid using the wlbsctrl.dll file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
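The precondition for this issue is a directory on the machine-wide PATH that a low-privileged user can write to. The following audit script is an added example, not part of the advisory and not ActiveState's code; it lists every PATH directory that grants write access to Everyone, Users, Authenticated Users or INTERACTIVE, and flags dangling entries. It assumes Windows PowerShell 5.1 or later and an account that can read the directory ACLs; the principal list and the write mask are the author's choices for this example.

```powershell
# Added audit example (not from the advisory): report machine-wide PATH
# directories that low-privileged principals may write to.
# Assumes Windows PowerShell 5.1+ and read access to the directory ACLs.

# Principals that should never hold write rights on a PATH directory
# (list chosen for this example; extend it for your environment).
$lowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# CreateFiles (2) and AppendData/CreateDirectories (4) are the bits that let a
# principal place a new file in a directory; Modify and FullControl include them.
$writeMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData
$fullControl = [int64][System.Security.AccessControl.FileSystemRights]::FullControl

function Test-LowPrivWritable {
    # Returns the first low-privileged principal with write access, or $null.
    param([string]$Directory)
    $acl = Get-Acl -LiteralPath $Directory -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($lowPrivPrincipals -notcontains $who) { continue }
        $raw = [int64]$ace.FileSystemRights
        # Generic rights (GENERIC_ALL/GENERIC_WRITE) show up as values outside the
        # specific-rights range; they are not decoded here, so flag them for review.
        if ($raw -lt 0 -or $raw -gt $fullControl) {
            return "$who (generic rights, review manually)"
        }
        if (($raw -band [int64]$writeMask) -ne 0) { return $who }
    }
    return $null
}

# The machine-wide PATH is what system services inherit at start-up.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$entries = $machinePath -split ';' |
           Where-Object { $_.Trim() -ne '' } |
           ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) }

foreach ($dir in $entries) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist is still searched; check who may create it.
        Write-Output ("MISSING    {0}   (dangling PATH entry, verify parent ACL)" -f $dir)
        continue
    }
    try {
        $who = Test-LowPrivWritable -Directory $dir
    } catch {
        Write-Output ("UNREADABLE {0}   ({1})" -f $dir, $_.Exception.Message)
        continue
    }
    if ($who) {
        Write-Output ("WRITABLE   {0}   writable by {1}" -f $dir, $who)
    } else {
        Write-Output ("ok         {0}" -f $dir)
    }
}
```

Run it from an elevated prompt after installing or reconfiguring software that edits the system PATH; a line marked WRITABLE for a directory such as C:\Python27 is exactly the condition this advisory describes, and the fix is to remove write access for the reported principal (or move the directory out of the PATH), then re-run the script to confirm.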

Exploit

Related Identifiers

CVE-2012-5379

Affected Products

Activepython