oss-sec mailing list archives
Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 19 May 2012 22:25:02 -0600

On 05/19/2012 10:23 PM, Kurt Seifried wrote:
Original sources:
https://isc.sans.edu/diary/PHP+5+4+Remote+Exploit+PoC+in+the+wild/13255
http://packetstormsecurity.org/files/112851/php54-exec.txt
http://www.exploit-db.com/exploits/18861/
http://www.reddit.com/r/netsec/comments/tuyp3/isc_diary_php_54_remote_exploit_poc_in_the_wild/

From the exploit:

// Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32)
// Exploit author: 0in (Maksymilian Motyl)
// Email: 0in(dot)email(at)gmail.com
// * Bug with Variant type parsing originally discovered by Condis
// Tested on Windows XP SP3 fully patched (Polish)

There appears to be a buffer overflow in com_print_typeinfo(); it appears to only affect PHP on Windows (COM object related).

Please use CVE-2012-2376 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993