CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Original sources:
https://isc.sans.edu/diary/PHP+5+4+Remote+Exploit+PoC+in+the+wild/13255
http://packetstormsecurity.org/files/112851/php54-exec.txt
http://www.exploit-db.com/exploits/18861/
http://www.reddit.com/r/netsec/comments/tuyp3/isc_diary_php_54_remote_exploit_poc_in_the_wild/

- From the exploit:

// Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32)
// Exploit author: 0in (Maksymilian Motyl)
// Email: 0in(dot)email(at)gmail.com
// * Bug with Variant type parsing originally discovered by Condis
// Tested on Windows XP SP3 fully patched (Polish)

There appears to be a buffer overflow in com_print_typeinfo(), it
appears to only affect PHP on Windows (COM object related).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPuHGyAAoJEBYNRVNeJnmTzdsP/3whmwu6ImrekHLWJQ/lsms7
ZRyIlkawEmTD6VO1PqJ/IN+a4Gid168ARsQV0KOsKJ9dd9cdcGBIRQ3qT1ENfplG
MnL9B89Z75l7Zk28exVXCJcKvCczN83g/tMVUBceGH2hk8bQYbcykYeUTBiXVCsa
JA9E8wPMmNQjRHvkbKL1Ec3uMLJuZAAx8OIqSi87PXalVtOyfR+EXFJnGo8VemID
tyhb7UOk7toUJFG77pIal0LkXbE6P9JTjibzLtmvMMrmwXzrRlxA4XBqCeHIpbk5
Dc+ukBDYK/BqhXl3OoetbYXglrSV2HjRKAQSpiZe/3iTm41foiDRjc4YBZFgKXf8
DY5P3/022VHVXKou88+QFZjr1yGRqlncheZL44cZzvoWCPAR6XjDAlzJP4Gh2FGn
E6hHoa1Sy70k06nKxUPx7KEzZ+KoUAF1pqsw9mzE6Dv4k4BsREGaceDXpwu8loaY
jzaI28SQtVMFsVB1Lgpd2jt4U2ZLbtbsmlyHNw2EYwJrWE+/Rq4zD0VLzq4OMArv
brkQ/xQCZG+feNVnpXrqv4zKCgYBKZWgQqZxSpEJHmRzhSzXvIh/FOxkbp6Lf+Sh
+1Z6puxEOHlEO20I5D4DD//r+8YqIb0zerKClsKAQj7Q54LYOAC62g6AbePW95S5
3gBx2LxCAFlwMwrUB2zm
=aBYa
-----END PGP SIGNATURE-----