CVE-2018-1000117

Name of the Vulnerable Software and Affected Versions: Python Software Foundation CPython versions 3.2 through 3.6.4

Description: The issue is related to a Buffer Overflow vulnerability in the os.symlink() function on Windows, which can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker-controlled name or location.

Recommendations: For versions 3.2 through 3.6.4, update to version 3.6.5 or 3.7.0 to resolve the issue. As a temporary workaround, consider restricting the use of the os.symlink() function until a patch is available.