CVE-2004-0377

NONE EPSS 93.3%
Published May 4, 200422y ago · Modified Jun 16, 20262w ago
Find Similar
Published May 4, 2004 22y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

Threat Intelligence

EPSS Exploit Probability
93.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 2

VendorProductVersionRange
activestateactiveperl*any
larry_wallperl* ≤5.8.3

References 6

  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html
    PatchVendor Advisory
  • marc.info http://marc.info/?l=bugtraq&m=108118694327979&w=2
  • public.activestate.com http://public.activestate.com/cgi-bin/perlbrowse?patch=22552
  • idefense.com http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities
  • kb.cert.org http://www.kb.cert.org/vuls/id/722414
    PatchThird Party AdvisoryUS Government Resource
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/15732

Remediation

  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html
    PatchVendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/722414
    PatchThird Party AdvisoryUS Government Resource