Vulnerability Description
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Estsoft | Alftp | <= 5.1 |
References
- http://jvn.jp/en/jp/JVN85695061/995223/index.htmlThird Party AdvisoryVDB Entry
- http://jvn.jp/en/jp/JVN85695061/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011Third Party AdvisoryVDB Entry
- http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118Broken Link
- http://www.altools.jp/download.aspxBroken LinkPatch
- http://jvn.jp/en/jp/JVN85695061/995223/index.htmlThird Party AdvisoryVDB Entry
- http://jvn.jp/en/jp/JVN85695061/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000011Third Party AdvisoryVDB Entry
- http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118Broken Link
- http://www.altools.jp/download.aspxBroken LinkPatch
FAQ
What is CVE-2012-0315?
CVE-2012-0315 is a vulnerability with a CVSS score of 9.3 (HIGH). Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as ...
How severe is CVE-2012-0315?
CVE-2012-0315 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0315?
Check the references section above for vendor advisories and patch information. Affected products include: Estsoft Alftp.