PT-2012-5963 · Microsoft+1 · Windows Vista+4

Published 2012-10-11 · Updated 2024-08-06 · CVE-2012-5381

CVSS v2.0: 6.0 Medium

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHP version 5.3.17

Description

The issue is related to an untrusted search path vulnerability in the installation functionality of PHP. This vulnerability might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory. The vulnerability can be exploited if the C:\PHP directory is added to the PATH system environment variable by an administrator, and a Trojan horse DLL, such as wlbsctrl.dll, is used by a system service. This issue affects Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

Recommendations

For PHP version 5.3.17, consider removing the C:\PHP directory from the PATH system environment variable to prevent exploitation. As a temporary workaround, restrict access to the C:\PHP directory to minimize the risk of a Trojan horse DLL being added. Avoid using the wlbsctrl.dll file in the affected system services until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
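
To check a host against these recommendations, the following PowerShell audit lists machine-wide PATH directories that principals other than SYSTEM, Administrators or TrustedInstaller can write to. It is an added example, not part of the advisory or of PHP; the function name `Get-WritablePathEntry` and the trusted-SID list are assumptions to adapt.

```powershell
# Added example (not from the advisory): audit the machine-wide PATH for
# directories writable by principals outside a trusted set.
# The trusted-SID list is an assumption; adjust it for your hosts.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Access-mask bits that let a principal place or replace a file in a directory:
# WriteData/CreateFiles, AppendData/CreateDirectories, ChangePermissions,
# TakeOwnership, GENERIC_WRITE, GENERIC_ALL.
$writeBits = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000
$inheritOnlyFlag = 2   # PropagationFlags.InheritOnly: ACE applies to children only
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-WritablePathEntry {
    param([string]$PathValue = [Environment]::GetEnvironmentVariable('Path', 'Machine'))

    foreach ($entry in ($PathValue -split ';' | Where-Object { $_.Trim() })) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A PATH entry with no directory behind it deserves review as well.
            [pscustomobject]@{ Directory = $dir; Principal = $null; Rights = 'directory missing' }
            continue
        }
        # Ask for the DACL with identities returned as SIDs (explicit and inherited ACEs).
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.PropagationFlags -band $inheritOnlyFlag) -ne 0) { continue }
            if ($trustedSids -contains $sid) { continue }
            if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
            [pscustomobject]@{ Directory = $dir; Principal = $sid; Rights = $ace.FileSystemRights }
        }
    }
}

Get-WritablePathEntry | Format-Table -AutoSize
```

A row showing a broad group such as Users (S-1-5-32-545) or Authenticated Users (S-1-5-11) for a PATH directory like C:\PHP is the condition the recommendations above aim to remove.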

Exploit

Related Identifiers

CVE-2012-5381

Affected Products

PHP
Windows 7
Windows 8
Windows Server 2008
Windows Vista