CVE-2023-47039

Summary

CVE-2023-47039 is a vulnerability affecting Perl for Windows. The issue arises due to Perl's dependence on the system path environment variable for locating `cmd.exe`. Perl initially searches for `cmd.exe` in the current working directory, making it susceptible to path search order issues. An attacker with limited privileges can exploit this flaw by placing `cmd.exe` in weakly protected areas like `C:\\ProgramData`. When an administrator runs an executable that uses the Windows Perl interpreter from these compromised locations, arbitrary code execution ensues.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.