CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0377

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile9.21th
PublishedMay 4, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

Affected Platforms (CPE)

πŸ“¦
Activestate

Activeperl

All versions
πŸ“¦
Larry Wall

Perl

<= 5.8.3

References & Advisories

πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html
πŸ”— http://marc.info/?l=bugtraq&m=108118694327979&w=2
πŸ”— http://public.activestate.com/cgi-bin/perlbrowse?patch=22552
πŸ”— http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities
πŸ”— http://www.kb.cert.org/vuls/id/722414
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15732
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html
πŸ”— http://marc.info/?l=bugtraq&m=108118694327979&w=2

Related Vulnerabilities

CVE-2001-08157.5

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code vi...

CVE-2004-22867.5

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possib...

CVE-2012-53776.0

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C...

CVE-2006-28564.6

ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, ...