vendor:
PHP
by:
rgod
7.5
CVSS
HIGH
Local Buffer Overflow
119
CWE
Product Name: PHP
Affected Version From: PHP <= 4.4.6
Affected Version To: PHP <= 4.4.6
Patch Exists: NO
Related CWE:
CPE: a:php:php:4.4.6
Platforms Tested: Windows 2000 SP3 EN
2007
PHP <= 4.4.6 ibase_connect() & ibase_pconnect() local buffer overflow
This is a proof-of-concept exploit for a local buffer overflow vulnerability in PHP versions <= 4.4.6. The vulnerability exists in the ibase_connect() and ibase_pconnect() functions. The exploit targets Windows 2000 SP3 EN and utilizes a SEH overwrite technique. The exploit was created by rgod.
Mitigation:
Upgrade to a newer version of PHP that has the vulnerability patched.