Activestate Activeperl vulnerabilities

CVE-2012-5377 [MEDIUM] CVE-2012-5377: Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, whe Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "

CVE-2006-2856 [MEDIUM] CVE-2006-2856: ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group pe ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2004-2286 [HIGH] CVE-2004-2286: Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

CVE-2004-2022 [LOW] CVE-2004-2022: ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.

CVE-2001-0815 [HIGH] CVE-2001-0815: Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attacker Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.