Vulnerabilities > CVE-2012-5377 - Insecure File Permissions vulnerability in Activestate Activeperl 5.16.1.1601
Attack vector
LOCAL Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL. CVE-2012-5377,CVE-2012-5378,CVE-2012-5379,CVE-2012-5380,CVE-2012-5381,CVE-2012-5382,CVE-20... |
| id | EDB-ID:28130 |
| last seen | 2016-02-03 |
| modified | 2013-09-06 |
| published | 2013-09-06 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/28130/ |
| title | IKE and AuthIP IPsec Keyring Modules Service IKEEXT Missing DLL |