| Vulnerability Name: | CVE-2012-5383 | ||||||||
| Assigned: | 2012-10-11 | ||||||||
| Published: | 2012-10-11 | ||||||||
| Updated: | 2013-03-02 | ||||||||
| Summary: | ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. Note: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' | ||||||||
| CVSS v3 Severity: | 8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-5383 Source: OSVDB Type: UNKNOWN 86175 Source: MISC Type: UNKNOWN https://www.htbridge.com/advisory/HTB23108 | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||