Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ActivePerl Perl2Exe [was] Buffer Overflow in ActivePerl ?

From: "Clint Bodungen" <clint () secureconsulting com>
Date: Thu, 20 May 2004 14:43:57 -0500
I haven't tested it yet but this also probably means that the msi/Microsoft
service compilor in the Activeperl Developer's Kit is as well then.


----- Original Message ----- 
From: "morning_wood" <se_cur_ity () hotmail com>
To: "0day" <0day () nothackers org>; <full-disclosure () lists netsys com>
Sent: Thursday, May 20, 2004 2:08 PM
Subject: [Full-disclosure] ActivePerl Perl2Exe [was] Buffer Overflow in
ActivePerl ?



binaries created via perl2exe also are affected.

C:\>type 1.pl
#
$a="A" x 256; system($a);

C:\>perl2exe -v 1.pl
Perl2Exe V7.02 Copyright (c) 1997-2003 IndigoSTAR Software
Cmd = -v 1.pl
CWD = C:\
Known platforms: Win32
Target platform = Win32 5.006001
$I =
$ENV{'PERL5LIB'} =
Found perl.exe at C:\Perl\bin
LibList = C:\Perl\lib,C:\Perl\site\lib,.
Converting '1.pl' to 1.exe
Compiling 1.pl

C:\>1.exe
[BIG CRASH]

C:\>



Donnie Werner
http://exploitlabs.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: