ActivePerl PerlIS.dll Buffer Overflow Network Vulnerability

Summary

An attacker can run arbitrary code on the remote computer. This is because the remote IIS server is running a version of ActivePerl prior to 5.6.1.630 and has the Check that file exists option disabled for the perlIS.dll.

Solution

Either upgrade to a version of ActivePerl more recent than 5.6.1.629 or enable the Check that file exists option. To enable this option, open up the IIS MMC, right click on a (virtual) directory in your web server, choose Properties, click on the Configuration... button, highlight the .plx item, click Edit, and then check Check that file exists. More Information: http://www.securityfocus.com/bid/3526

Severity

Classification

CVE CVE-2001-0815

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaxPortal 'di.php' File Inclusion Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Apache Axis2 Document Type Declaration Processing Security Vulnerability
ASP Inline Corporate Calendar SQL injection
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014

ActivePerl perlIS.dll Buffer Overflow

Take action and discover your vulnerabilities