PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability

Bugtraq ID:	53621
Class:	Unknown
CVE:	CVE-2012-2376
Remote:	Yes
Local:	No
Published:	May 11 2012 12:00AM
Updated:	Apr 25 2013 11:50AM
Credit:	0in and Condis
Vulnerable:	PHP PHP 5.4.3
Not Vulnerable:

PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability

PHP is prone to a remote code-execution vulnerability.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary code in the context of a webserver affected by the issue. Failed attempts will likely result in denial-of-service conditions.

PHP 5.4.3 is vulnerable; other versions may also be affected.

PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.


The following exploit is available:

• /data/vulnerabilities/exploits/53621.php.txt

PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability

References:

• CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) (OSS General)
  
• PHP 5.4 Remote Exploit PoC in the wild (SANS)
  
• PHP Homepage (PHP)