|
|
Family: CGI abuses --> Category: destructive_attack
ActivePerl perlIS.dll Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary
Acertains if arbitrary commands can be executed thanks to ActivePerl's perlIS.dll
Detailed Explanation for this Vulnerability Test
A possible hacker can run arbitrary code on the remote computer.
This is because the remote IIS server is running a version of
ActivePerl prior to 5.6.1.630 and has the Check that file
exists option disabled for the perlIS.dll.
Solution: Either upgrade to a version of ActivePerl more
recent than 5.6.1.629 or enable the Check that file exists option.
To enable this option, open up the IIS MMC, right click on a (virtual)
directory in your web server, choose Properties,
click on the Configuration... button, highlight the .plx item,
click Edit, and then check Check that file exists.
More Information: http://www.securityfocus.com/bid/3526
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
