Vulnerability Description
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Python | <= 3.5.0 |
| Microsoft | Windows | All versions |
References
- http://jvn.jp/en/jp/JVN49503705/995204/index.html (Vendor Advisory)
- http://jvn.jp/en/jp/JVN49503705/index.html (Vendor Advisory)
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141 (Vendor Advisory)
- http://www.securityfocus.com/bid/76929
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c
FAQ
What is CVE-2015-5652?
CVE-2015-5652 is a vulnerability with a CVSS score of 7.2 (HIGH). Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE:...
How severe is CVE-2015-5652?
CVE-2015-5652 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5652?
Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Microsoft Windows.