Security readout for executives and security teams
Plain-English summary
This disputed CVE describes a conditional Windows privilege-escalation risk involving legacy ActivePython installation behavior and unsafe PATH configuration. If the setup exists, a local user might cause a privileged Windows service to load an attacker-controlled DLL. Urgency is targeted: verify legacy hosts rather than treating it as broad exposure.
Executive priority
Treat this as a legacy configuration audit item, not an emergency internet-facing vulnerability. Prioritize if old Windows servers still run unsupported Python tooling with broad local user access.
Technical view
The record describes untrusted search path behavior when ActivePython 3.2.2.3 is installed at top-level C:\ and C:\Python27 or C:\Python27\Scripts is later added to the system PATH by an administrator. A local user might place a Trojan DLL that a Windows service loads. CVE explicitly disputes the issue because that PATH change is not default installation behavior.
Likely exposure
Exposure appears limited to legacy Windows systems with the specific ActivePython setup and administrator-added PATH entries. The source bundle does not provide reliable affected CPEs or a vendor-supported product matrix.
Exploitation context
The CVSS vector indicates local access, low privileges, and required user interaction. The bundle does not show KEV listing or cited evidence of active exploitation. The scenario depends on a separate administrative PATH misconfiguration.
Researcher notes
The CVE is disputed, and the affected field in the provided bundle is n/a. The useful technical signal is the described unsafe PATH plus writable directory condition. Do not assume default ActivePython installation is vulnerable without confirming the separate admin PATH action.
Mitigation direction
- Check vendor or archived ActivePython guidance for supported remediation.
- Remove unsafe writable directories from system PATH where possible.
- Avoid installing language runtimes directly under C:\ on Windows hosts.
- Restrict write permissions on runtime and Scripts directories.
- Prioritize decommissioning unsupported ActivePython 3.2.2.3 installations.
Validation and detection
- Inventory Windows hosts for ActivePython 3.2.2.3 installations.
- Check whether C:\Python27 or C:\Python27\Scripts appears in system PATH.
- Verify directory permissions prevent local users from writing DLLs.
- Review service DLL search exposure only on matching legacy systems.
- Document exceptions where vendor guidance is unavailable.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2012-5379 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.3 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H1.35.9Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
7.3HighVector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://www.htbridge.com/advisory/HTB23108CVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
