CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory.  NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
pythonpython
𝑥
≤ 3.5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
cosmic
not-affected
bionic
not-affected
xenial
not-affected
vivid
not-affected
trusty
not-affected
precise
not-affected
python3.2
vivid
dne
trusty
dne
precise
not-affected
python3.4
cosmic
dne
bionic
dne
xenial
dne
vivid
not-affected
trusty
not-affected
precise
dne
python3.5
cosmic
dne
bionic
dne
xenial
not-affected
vivid
dne
trusty
not-affected
precise
dne
References
http://jvn.jp/en/jp/JVN49503705/995204/index.html
http://jvn.jp/en/jp/JVN49503705/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141
http://www.securityfocus.com/bid/76929
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
http://jvn.jp/en/jp/JVN49503705/995204/index.html
http://jvn.jp/en/jp/JVN49503705/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141
http://www.securityfocus.com/bid/76929
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755