How severe is CVE-2012-5379?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2012-5379?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2012-5379

HIGH Year: 2012

CVSS v3 Score

7.3

High

CVSS v2 Score

6.0

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation

CVE-2003-0063

HIGH

CVSS:7.3(High)

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's t...

NVD-CWE-Other2003

CVE-2015-6527

HIGH

CVSS:7.3(High)

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace...

NVD-CWE-Other2015

CVE-2015-6832

HIGH

CVSS:7.3(High)

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrar...

NVD-CWE-Other2015

CVE-2015-6836

HIGH

CVSS:7.3(High)

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary ...

NVD-CWE-Other2015

CVE-2015-8560

HIGH

CVSS:7.3(High)

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ;...

NVD-CWE-Other2015

CVE-2016-1729

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.

NVD-CWE-Other2016

CVE-2012-5379

Vulnerability Description

Related Vulnerabilities

CVE-2003-0063

CVE-2015-6527

CVE-2015-6832

CVE-2015-6836

CVE-2015-8560

CVE-2016-1729