PHP PHP_NTUser.DLL Extension Multiple Local Buffer Overflow Vulnerabilities
BID:25421
Info
PHP PHP_NTUser.DLL Extension Multiple Local Buffer Overflow Vulnerabilities
| Bugtraq ID: | 25421 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 22 2007 12:00AM |
| Updated: | Aug 31 2007 09:02PM |
| Credit: | shinnai disclosed this vulnerability. |
| Vulnerable: |
PHP PHP 5.2.3 |
| Not Vulnerable: | |
Discussion
PHP PHP_NTUser.DLL Extension Multiple Local Buffer Overflow Vulnerabilities
The PHP php_ntuser extension is prone to multiple local buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input.
Local attackers may be able to execute arbitrary machine code in the context of the affected application or to cause denial-of-service conditions.
These issues affect PHP 5.2.3 when running the vulnerable library; other versions may also be affected.
The PHP php_ntuser extension is prone to multiple local buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input.
Local attackers may be able to execute arbitrary machine code in the context of the affected application or to cause denial-of-service conditions.
These issues affect PHP 5.2.3 when running the vulnerable library; other versions may also be affected.
Exploit / POC
PHP PHP_NTUser.DLL Extension Multiple Local Buffer Overflow Vulnerabilities
The following proof-of-concept exploit is available:
The following proof-of-concept exploit is available:
Solution / Fix
PHP PHP_NTUser.DLL Extension Multiple Local Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
PHP PHP_NTUser.DLL Extension Multiple Local Buffer Overflow Vulnerabilities
References:
References:
- PHP Homepage (PHP)