CVE-2012-5382

Name of the Vulnerable Software and Affected Versions Zend Server version 5.6.0 SP4

Description The installation functionality in Zend Server has an untrusted search path vulnerability when installed in the top-level C: directory. This might allow local users to gain privileges via a Trojan horse DLL in the C:ZendZendServershareZendFrameworkbin directory, which may be added to the PATH system environment variable by an administrator. A demonstration of this issue involves a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in various Windows versions.

Recommendations For Zend Server version 5.6.0 SP4, consider avoiding the installation in the top-level C: directory to prevent the addition of the vulnerable directory to the PATH system environment variable. As a temporary workaround, restrict access to the C:ZendZendServershareZendFrameworkbin directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.