CVE-2012-0315

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/02/2012
Last modified:
11/04/2025

Description

Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:estsoft:alftp:*:*:*:*:*:*:*:* 5.1 (including)
cpe:2.3:a:estsoft:alftp:4.1:*:*:*:*:*:*:*
cpe:2.3:a:estsoft:alftp:4.1:beta2:*:*:*:*:*:*
cpe:2.3:a:estsoft:alftp:4.1:beta2:*:en:*:*:*:*
cpe:2.3:a:estsoft:alftp:5.0:*:*:*:*:*:*:*
cpe:2.3:a:estsoft:alftp:5.1:beta2:*:*:*:*:*:*