Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-8607

EPSS 5.66% · P90
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-8607

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Perl PathTools 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Perl是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。PathTools是一套用于系统文件路径的模式匹配工具。 Perl中使用的PathTools 3.62之前版本中的File::Spec模块中的‘canonpath’函数存在安全漏洞,该漏洞源于程序没有正确保存数据的taint属性。攻击者可借助特制的字符串利用该漏洞绕过taint保护机制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2015-8607

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2015-8607

登录查看更多情报信息。

Same Patch Batch · n/a · 2016-01-13 · 28 CVEs total

CVE-2016-0012Microsoft Office ASLR绕过漏洞
CVE-2016-0035Microsoft Office 内存损坏漏洞
CVE-2016-0034Microsoft Silverlight运行时远程执行代码漏洞
CVE-2016-0032Microsoft Exchange 欺骗漏洞
CVE-2016-0031Microsoft Exchange 欺骗漏洞
CVE-2016-0030Microsoft Exchange 欺骗漏洞
CVE-2016-0029Microsoft Exchange 欺骗漏洞
CVE-2016-0024Microsoft Chakra JavaScript脚本引擎内存损坏漏洞
CVE-2016-0020Microsoft Windows DLL加载特权提升漏洞
CVE-2016-0019Microsoft Windows远程桌面协议安全绕过漏洞
CVE-2016-0018Microsoft Windows DLL加载远程执行代码漏洞
CVE-2016-0016Microsoft Windows DLL加载远程执行代码漏洞
CVE-2016-0015Microsoft Windows DirectShow堆损坏远程执行代码漏洞
CVE-2016-0014Microsoft Windows DLL加载特权提升漏洞
CVE-2015-8466Swift3 安全漏洞
CVE-2016-0011Microsoft SharePoint安全功能绕过漏洞
CVE-2016-0010Microsoft Office 内存损坏漏洞
CVE-2016-0009Microsoft Windows Win32k 远程执行代码漏洞
CVE-2016-0008Microsoft Windows GDI32.dll ASLR绕过漏洞
CVE-2016-0007Microsoft Windows装入点特权提升漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2015-8607

No comments yet

Leave a comment