IndigoStar Software perl2exe Arbitrary Code Execution Vulnerability

A vulnerability allowing arbitrary code execution exists in IndigoStar Software's perl2exe version 30.10C and prior. This vulnerability allows local authenticated attackers to execute malicious scripts by controlling the 0th argument of packed executables. Exploitation of this vulnerability can bypass restrictions and lead to unauthorized access.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by creating a Perl script and packing it into an executable using perl2exe. After verifying that the packed executable runs as expected, another 'malicious' script can be created and packed in the same way. The 'malicious' executable can then be executed by manipulating the 0th argument of a 'safe' executable, causing it to run the 'malicious' code instead.