CVE-2024-58278

HIGH

perl2exe <= V30.10C - Authenticated Arbitrary Code Execution via Packed Executable Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58278. PoCs published by decrazyo.

AI-analyzed exploit summary This exploit demonstrates arbitrary code execution by manipulating the 0th argument of executables created with perl2exe <= V30.10C. It allows an attacker to execute a different perl2exe-compiled executable by controlling the process name, bypassing execution restrictions.

Description

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.

Exploits (1)

exploitdb WORKING POC

by decrazyo · textremotemultiple

https://www.exploit-db.com/exploits/51825

View Code ZIP pw:eip

This exploit demonstrates arbitrary code execution by manipulating the 0th argument of executables created with perl2exe <= V30.10C. It allows an attacker to execute a different perl2exe-compiled executable by controlling the process name, bypassing execution restrictions.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: perl2exe <= V30.10C

No auth needed

Prerequisites: Access to a perl2exe-compiled executable · Ability to create or modify perl scripts

MITRE ATT&CK

T1059.004 - Unix Shell T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources product

https://www.indigostar.com/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51825

Various Sources product permissions-required

https://www.indigostar.com/download/p2x-30.10-Linux-x64-5.30.1.tar.gz

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/indigostar-software-perl2exe-v3010c-arbitrary-code-execution

Scores

CVSS v4 8.5

EPSS 0.0002

EPSS Percentile 7.3%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

IndigoSTAR Software/perl2exe < V30.10C

Published Dec 04, 2025

Tracked Since Feb 18, 2026