GS Mag n°12
Next Issues
Subscriptions
Publicity

Google

 Flux RSS
 












Nous gérons le fil d'information de l'officiel du bateau : bateau occasion
 

Vigil@nce: PHP, several vulnerabilities
June 2009  by Vigil@nce

An attacker can use several vulnerabilities of PHP in order to create a denial of service or to execute code.

Severity: 2/4

Consequences: user access/rights, data reading, denial of service of service

Provenance: internet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 19/06/2009

IMPACTED PRODUCTS

- PHP

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in PHP 5.

A JPEG image containing malicious EXIF data generates a memory corruption in the exif_read_data() function. [grav:2/4; 48378, BID-35440]

Under Windows, a script can execute all commands (despite the "Safe Mode") by prefixing them by a ’\’ character. [grav:2/4; 45997, BID-35435]

These vulnerabilities are local or remote depending on the context.

CHARACTERISTICS

Identifiers: 45997, 48378, BID-35435, BID-35440, VIGILANCE-VUL-8808

http://vigilance.fr/vulnerability/PHP-several-vulnerabilities-8808



< previous      next >















 
Stay informed with Global Security Mag newsletters
copyright® 2007 S.I.M. Publicité