CVE-2012-5380

Name of the Vulnerable Software and Affected Versions Ruby version 1.9.3-p194

Description The installation functionality in Ruby has an untrusted search path vulnerability when installed in the top-level C: directory. This might allow local users to gain privileges via a Trojan horse DLL in the C:Ruby193bin directory, which may be added to the PATH system environment variable by an administrator. A demonstration of this issue involves a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in various Windows versions.

Recommendations For Ruby version 1.9.3-p194, consider restricting access to the C:Ruby193bin directory to minimize the risk of exploitation. As a temporary workaround, avoid adding the C:Ruby193bin directory to the PATH system environment variable until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.