Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/19/2012 10:23 PM, Kurt Seifried wrote:
> Original sources: 
> https://isc.sans.edu/diary/PHP+5+4+Remote+Exploit+PoC+in+the+wild/13255
http://packetstormsecurity.org/files/112851/php54-exec.txt
> http://www.exploit-db.com/exploits/18861/ 
> http://www.reddit.com/r/netsec/comments/tuyp3/isc_diary_php_54_remote_exploit_poc_in_the_wild/
>
>  From the exploit:
>
> // Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32) //
> Exploit author: 0in (Maksymilian Motyl) // Email:
> 0in(dot)email(at)gmail.com // * Bug with Variant type parsing
> originally discovered by Condis // Tested on Windows XP SP3 fully
> patched (Polish)
>
> There appears to be a buffer overflow in com_print_typeinfo(), it 
> appears to only affect PHP on Windows (COM object related).

Please use CVE-2012-2376 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPuHIeAAoJEBYNRVNeJnmTQXoP/3OD9gIBD2mC8aHtktZeSVHt
4lWz1ONf6cMazdiOZjHGF7OK/ZIIFoocAVpwxKUjCoTWRPoboQOnrenY/ff0kD/x
MqIm84i51Yqzjbh+3MM9muzjJ2PmvahNmlV7hjEcyJWHww8NiEs1kxtGGrGcb0dU
caJSkCaauXrlbBOpwOpx56WiKebuV5v0kxPTs6fQSapmyAiBL82k+194VYJ6GKHS
vU8vf9XF3XGV+Z/wojRaETN5nBRtcssKJCUHquin+PRmyZoljyQFpj7QKm1uNXAX
A14kYz0XjwqgkJxjVWaGF5Y7tcWsAIUcxNby6WyBK1ewzQpiyVPt5/W9/OyWzs31
Dxi78nm5MlCq0xVkTUpvg9bVvnEyg+ZkA2FKVnwJl+AWAP0p3QEDrn7ocyEJl7PU
6FpTQ+JYN13p1bJrGJsP1SXhh8/pyA0BsYUEyREQmgo6CA6p6vTvRHxIXdpEf1dt
T0P/iBXPLb7+kK5m8UMlXQ7cGfRusO2qJFt9ratT+K/cEoKDutvNCmSaucfDNgLS
tx/+BiC5e/MmAaMUOgGwAw2bP2LTWKNj/xAg4rpkQm4oYZHgfsGLpeTnd/MogLpH
DYzAADhuDcZbkY0qy31vNINC4aWUcr+2nqEeSHNdoTHev4h540iUHdm4juPX3czc
J3CFF70WsHikbJeyrPx/
=YHEn
-----END PGP SIGNATURE-----