CVE-2012-0315 — Alftp vulnerability

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

0.8%

top 26.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Estsoft Alftp

Timeline

PublishedFeb 22

Latest updateMay 4

Description

Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDestsoft/alftp5.1+3

Patches

Patch: www.altools.jp ↗Patch: www.altools.jp ↗

🔴Vulnerability Details

GHSA

GHSA-vc52-47rr-w6j9: Untrusted search path vulnerability in ALFTP before 5↗2022-05-04

▶

CVEList

CVE-2012-0315: Untrusted search path vulnerability in ALFTP before 5↗2012-02-22

▶