CVE-2004-0377

Published: May 4, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

Affected (2)

Products: Activestate: Activeperl · Larry Wall: Perl

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Activestate Activeperl	All versions
Larry Wall Perl	Up to 5.8.3

References (12)

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html

Source: cve@mitre.org

PatchVendor Advisory

http://marc.info/?l=bugtraq&m=108118694327979&w=2

Source: cve@mitre.org

http://public.activestate.com/cgi-bin/perlbrowse?patch=22552

Source: cve@mitre.org

http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/722414

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/15732

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html