Vulnerability Description
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 5.4.3 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://isc.sans.edu/diary.html?storyid=13255
- http://openwall.com/lists/oss-security/2012/05/20/2
- http://www.exploit-db.com/exploits/18861/Exploit
- http://www.securitytracker.com/id?1027089
- https://bugzilla.redhat.com/show_bug.cgi?id=823464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75778
- http://isc.sans.edu/diary.html?storyid=13255
- http://openwall.com/lists/oss-security/2012/05/20/2
- http://www.exploit-db.com/exploits/18861/Exploit
- http://www.securitytracker.com/id?1027089
- https://bugzilla.redhat.com/show_bug.cgi?id=823464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75778
FAQ
What is CVE-2012-2376?
CVE-2012-2376 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM ob...
How severe is CVE-2012-2376?
CVE-2012-2376 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2376?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Microsoft Windows.