CVE-2004-2022
ActivePerl - Denial of Service and Possible Remote Code Execution via Long System Command Argument
Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2022. PoCs published by Oliver Karow.
AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in ActiveState Perl and Perl for cygwin by passing an overly long string to the system() function, potentially leading to arbitrary code execution.
Description
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.