CVE-2012-5377

ActivePerl 5.16.1.1601 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5377.

AI-analyzed exploit summary This Metasploit module exploits a missing DLL vulnerability in the IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) on Windows Vista to Windows 8. It leverages an insecure bin path to plant a malicious DLL, which is then loaded by the service running as SYSTEM.

Description

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

Exploits (1)

exploitdb WORKING POC
rubylocalwindows
https://www.exploit-db.com/exploits/28130

This Metasploit module exploits a missing DLL vulnerability in the IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) on Windows Vista to Windows 8. It leverages an insecure bin path to plant a malicious DLL, which is then loaded by the service running as SYSTEM.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows Vista to Windows 8 (IKE and AuthIP IPsec Keyring Modules Service)
Auth required
Prerequisites: Access to a vulnerable Windows system · Ability to write to a directory in the system's PATH · Service (IKEEXT) must be set to Auto or Manual startup
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/86177

Scores

EPSS 0.0037
EPSS Percentile 59.6%

Details

Status published
Products (1)
activestate/activeperl 5.16.1.1601
Published Oct 11, 2012
Tracked Since Feb 18, 2026