Description
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Oliver Karow · textdoswindows
https://www.exploit-db.com/exploits/24128
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16169
Exploit x_refsource_misc
http://www.perlmonks.org/index.pl?node_id=354145
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=108489112131099&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108489894009025&w=2
Exploit x_refsource_misc
http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=108483058514596&w=2
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=108482796105922&w=2
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10375
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html
Scores
EPSS
0.0147
EPSS Percentile
81.0%
Details
Status
published
Products (8)
activestate/activeperl
5.6.1
activestate/activeperl
5.6.1.630
activestate/activeperl
5.6.2
activestate/activeperl
5.6.3
activestate/activeperl
5.7.1
activestate/activeperl
5.7.2
activestate/activeperl
5.7.3
activestate/activeperl
5.8
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026