CVE-2012-2376
HIGH severity · CVSS 10 · Memory corruption
10CVSS HIGH
Summary
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)37%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://isc.sans.edu/diary.html?storyid=13255
- http://openwall.com/lists/oss-security/2012/05/20/2
- http://www.securitytracker.com/id?1027089
- https://bugzilla.redhat.com/show_bug.cgi?id=823464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75778
- http://isc.sans.edu/diary.html?storyid=13255
- http://openwall.com/lists/oss-security/2012/05/20/2
- http://www.exploit-db.com/exploits/18861/Exploit