Release date:
Updated on:
Affected Systems:
ActivePython 2.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55884
Cve id: CVE-2012-5379
ActivePython of ActiveState is an implementation of the Python script language on Microsoft Windows platform.
ActivePython 2.7.2.5, 3.2.2.3, and other versions have insecure file permissions on the installation directory. Local attackers can exploit this vulnerability to execute arbitrary code with higher permissions.
<* Source: High-Tech Bridge
Link: http://secunia.com/advisories/50939/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ActivePython
------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.activestate.com/Products/ActivePython/