Vulnerabilities > CVE-2004-2022 - Buffer Overflow vulnerability in Multiple Perl Implementation System Function Call

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
activestate
exploit available

Summary

ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.

Exploit-Db

descriptionActivePerl 5.x,Cygwin 1.5.x System Function Call Buffer Overflow Vulnerability. CVE-2004-2022. Dos exploit for windows platform
idEDB-ID:24128
last seen2016-02-02
modified2004-05-18
published2004-05-18
reporterOliver Karow
sourcehttps://www.exploit-db.com/download/24128/
titleActivePerl 5.x / Cygwin 1.5.x - System Function Call Buffer Overflow Vulnerability