CVE-2012-5378

ActiveTcl 8.5.12 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5378.

AI-analyzed exploit summary This Metasploit module exploits a missing DLL vulnerability in the IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) on Windows Vista to Windows 8. It leverages an insecure bin path to plant a malicious DLL, which is then loaded by the service running as SYSTEM.

Description

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.

Exploits (1)

exploitdb WORKING POC
rubylocalwindows
https://www.exploit-db.com/exploits/28130

This Metasploit module exploits a missing DLL vulnerability in the IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) on Windows Vista to Windows 8. It leverages an insecure bin path to plant a malicious DLL, which is then loaded by the service running as SYSTEM.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows Vista to Windows 8 (IKEEXT service)
Auth required
Prerequisites: Write access to a directory in the system PATH · IKEEXT service must be set to Automatic startup
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/86179

Scores

EPSS 0.0024
EPSS Percentile 47.4%

Details

Status published
Products (1)
activestate/activetcl 8.5.12
Published Oct 11, 2012
Tracked Since Feb 18, 2026