CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2004-0377

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile9.21th
Published2004年5月4日
Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

Affected Platforms (CPE)

📦
Activestate

Activeperl

All versions
📦
Larry Wall

Perl

<= 5.8.3

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html
🔗 http://marc.info/?l=bugtraq&m=108118694327979&w=2
🔗 http://public.activestate.com/cgi-bin/perlbrowse?patch=22552
🔗 http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities
🔗 http://www.kb.cert.org/vuls/id/722414
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15732
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html
🔗 http://marc.info/?l=bugtraq&m=108118694327979&w=2

相關漏洞威脅

CVE-2001-08157.5

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code vi...

CVE-2004-22867.5

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possib...

CVE-2012-53776.0

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C...

CVE-2006-28564.6

ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, ...