Vigil@nce - Perl UI-Dialog: code execution via Menu
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who can control the text displayed in menus of
applications using Perl UI::Dialog, can run code.
Impacted products: Perl Module (not comprehensive).
Severity: 1/4.
Creation date: 08/10/2015.
DESCRIPTION OF THE VULNERABILITY
The Perl UI::Dialog library creates graphical interfaces for Perl
programs.
The menu() method creates a menu. However, the second parameter is
directly injected in a shell command.
An attacker, who can control the text displayed in menus of
applications using Perl UI::Dialog, can therefore run code.
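The bug class described above, as an added example that is not UI::Dialog's own code: menu text interpolated into a shell command string, next to two ways of passing it safely. It assumes /bin/echo as a stand-in for the dialog backend; the function names and the sample menu item are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: /bin/echo stands in for the dialog backend so this runs offline;
# it simply prints the arguments it was given.
my $backend = '/bin/echo';

# Constructed sample: a menu whose item text comes from untrusted data.
my $text  = 'Pick a file';
my @items = ('1', 'report $(echo INJECTED).txt');

# Unsafe pattern: arguments interpolated into one string that /bin/sh parses.
# Double quotes do not stop $(...) or backticks from being expanded.
sub unsafe_command {
    my ($text, @list) = @_;
    return join ' ', $backend, '--menu', map(qq{"$_"}, $text, @list);
}

# Safe pattern: list-form pipe open execs the backend directly, no shell.
sub run_without_shell {
    my ($text, @list) = @_;
    open(my $fh, '-|', $backend, '--menu', $text, @list)
        or die "cannot exec $backend: $!";
    my $out = do { local $/; <$fh> };
    close $fh;
    return $out;
}

# Fallback when a command string is unavoidable: POSIX single-quote each
# argument, closing and reopening the quotes around embedded quote characters.
sub sh_quote {
    my ($arg) = @_;
    $arg =~ s/'/'\\''/g;
    return "'$arg'";
}

my $unsafe = unsafe_command($text, @items);
my $quoted = join ' ', $backend, '--menu', map(sh_quote($_), $text, @items);

print "unsafe string : $unsafe\n";
print "shell (unsafe): ", scalar qx{$unsafe};                 # substitution is executed
print "no shell      : ", run_without_shell($text, @items);   # text stays literal
print "shell (quoted): ", scalar qx{$quoted};                 # text stays literal
```

Applications that cannot upgrade the module can apply the same quoting to any untrusted string before it reaches menu().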
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-UI-Dialog-code-execution-via-Menu-18061