PT-2019-13316 · Python · Python

Published 2019-07-08 · Updated 2024-08-05 · CVE-2019-13404

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Python versions prior to 2.7.17
Python versions 3.x prior to 3.5

Description

The MSI installer for Python on Windows defaults to the C:\Python27 directory, making it easier for local users to deploy Trojan horse code. The vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, due to backwards compatibility requirements.

Recommendations

For Python versions prior to 2.7.17 and for Python 3.x versions prior to 3.5, consider choosing a different directory during installation to minimize the risk of exploitation. As a temporary workaround, ensure proper access control for the C:\Python27 directory to prevent unauthorized access.
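
One way to check the access-control workaround above, as an added PowerShell example (not part of the advisory or of Python's installer): it lists Allow entries on the directory that give write-type rights to any principal outside a trusted set. The trusted-SID list and the function name Get-WritableAce are assumptions for illustration.

```powershell
# Added example (not from the advisory). Lists Allow ACEs on the install
# directory that let a non-administrative principal plant or replace files.
param([string]$Path = 'C:\Python27')   # default path named in the advisory

# Assumption: only these principals are expected to hold write access.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (placeholder, resolved when a child is created)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow creating, changing or deleting content, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that an ACE
# can carry instead of the specific rights.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string]$Directory)
    $acl     = Get-Acl -LiteralPath $Directory
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs so the
    # comparison does not depend on the system language.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }   # unresolvable SID: show it raw
        [pscustomobject]@{
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Output "$Path does not exist; nothing to audit."
    return
}
$findings = @(Get-WritableAce -Directory $Path)
if ($findings.Count -eq 0) {
    Write-Output "No write-capable ACEs for untrusted principals on $Path."
} else {
    $findings | Format-Table -AutoSize
}
```

Each row returned is a principal that can write into the directory; the Inherited column shows whether the entry comes from the parent folder or was set on the directory itself.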

Exploit

Fix

Weakness Enumeration: Files Accessible to External Parties

Related Identifiers: CVE-2019-13404

Affected Products: Python