> -----Original Message-----
> From: Jim [mailto:raxor@dexlink.com]
> Sent: 16. november 2001 02:55
> To: bugtraq@securityfocus.com
> Subject: Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer
> Overflow Vulnerability
>
>
> Mailer: SecurityFocus
> In-Reply-To: <20011115113830.45A9.SECURITY@nsfocus.com>
>
> Has anyone been able to duplicate this bug ?
>
> Am I wrong or does the ISAPI version of ActivePerl
> execute .plx files and not .pl as mentioned in the
> advisory ?
>

You're right, ActivePerl by default registers perlIIS.dll with .plx and perl.exe with .pl.

But the documentation suggests mapping .pl to the DLL instead of the EXE if the Perl code is well behaved (closes opened files, releases allocated objects; if not, those would first be released when the Perl process stops, which, being a DLL, can be a long time). And many system administrators do this.

Hack 8-)