- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24128
- Проверка EDB
-
- Пройдено
- Автор
- OLIVER KAROW
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- cve-2004-2022
- Дата публикации
- 2004-05-18
Код:
source: https://www.securityfocus.com/bid/10375/info
ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability.
The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that is passed to a Perl system() function call. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Arbitrary code execution will occur in the context of the user who is running the malicious Perl script.
perl -e "$a="A" x 256; system($a)"
- Источник
- www.exploit-db.com