Back to KEVs

CVE-2012-2376

Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 19, 2012
Published Date
May 21, 2012
Last Updated
August 06, 2024
Vendor
PHP
Product
PHP
Description
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
Tags
php windows

CVSS Scores

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2012-05-21 15:00:00 UTC) Source

References

http://isc.sans.edu/diary.html?storyid=13255 https://exchange.xforce.ibmcloud.com/vulnerabilities/75778 http://www.exploit-db.com/exploits/18861/ https://bugzilla.redhat.com/show_bug.cgi?id=823464 http://openwall.com/lists/oss-security/2012/05/20/2 http://www.securitytracker.com/id?1027089

Known Exploited Vulnerability Information

Source Added Date
CVE 2012-05-21 15:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel