oss-sec mailing list archives
CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 19 May 2012 22:23:14 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Original sources: https://isc.sans.edu/diary/PHP+5+4+Remote+Exploit+PoC+in+the+wild/13255 http://packetstormsecurity.org/files/112851/php54-exec.txt http://www.exploit-db.com/exploits/18861/ http://www.reddit.com/r/netsec/comments/tuyp3/isc_diary_php_54_remote_exploit_poc_in_the_wild/ - From the exploit: // Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32) // Exploit author: 0in (Maksymilian Motyl) // Email: 0in(dot)email(at)gmail.com // * Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched (Polish) There appears to be a buffer overflow in com_print_typeinfo(), it appears to only affect PHP on Windows (COM object related). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPuHGyAAoJEBYNRVNeJnmTzdsP/3whmwu6ImrekHLWJQ/lsms7 ZRyIlkawEmTD6VO1PqJ/IN+a4Gid168ARsQV0KOsKJ9dd9cdcGBIRQ3qT1ENfplG MnL9B89Z75l7Zk28exVXCJcKvCczN83g/tMVUBceGH2hk8bQYbcykYeUTBiXVCsa JA9E8wPMmNQjRHvkbKL1Ec3uMLJuZAAx8OIqSi87PXalVtOyfR+EXFJnGo8VemID tyhb7UOk7toUJFG77pIal0LkXbE6P9JTjibzLtmvMMrmwXzrRlxA4XBqCeHIpbk5 Dc+ukBDYK/BqhXl3OoetbYXglrSV2HjRKAQSpiZe/3iTm41foiDRjc4YBZFgKXf8 DY5P3/022VHVXKou88+QFZjr1yGRqlncheZL44cZzvoWCPAR6XjDAlzJP4Gh2FGn E6hHoa1Sy70k06nKxUPx7KEzZ+KoUAF1pqsw9mzE6Dv4k4BsREGaceDXpwu8loaY jzaI28SQtVMFsVB1Lgpd2jt4U2ZLbtbsmlyHNw2EYwJrWE+/Rq4zD0VLzq4OMArv brkQ/xQCZG+feNVnpXrqv4zKCgYBKZWgQqZxSpEJHmRzhSzXvIh/FOxkbp6Lf+Sh +1Z6puxEOHlEO20I5D4DD//r+8YqIb0zerKClsKAQj7Q54LYOAC62g6AbePW95S5 3gBx2LxCAFlwMwrUB2zm =aBYa -----END PGP SIGNATURE-----
Current thread:
- CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried (May 19)
- Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried (May 19)