CyberSec.Space Logo
Back to CVE Browser

CVE-2006-2856

MEDIUM
4.6
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile14.63th
PublishedJun 6, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

πŸ“¦
Activestate

Activeperl

= 5.8.8.817

References & Advisories

πŸ”— http://secunia.com/advisories/20328
πŸ”— http://www.osvdb.org/25974
πŸ”— http://www.securityfocus.com/bid/18269
πŸ”— http://www.vupen.com/english/advisories/2006/2140
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26915
πŸ”— http://secunia.com/advisories/20328
πŸ”— http://www.osvdb.org/25974
πŸ”— http://www.securityfocus.com/bid/18269

Related Vulnerabilities

CVE-2004-037710.0

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or...

CVE-2001-08157.5

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code vi...

CVE-2004-22867.5

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possib...

CVE-2012-53776.0

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C...