PHP v5.4.3 - PoC remote exploit in the wild
Last Updated: 2012-05-19 - "There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine needs to execute the malicious code, which can include any shellcode like the ones that bind a shell to a port. Since there is no patch available for this vulnerability yet, you might want to do the following:
• Block any file upload function in your PHP applications to avoid risks of exploit code execution.
• Use your IPS to filter known shellcodes like the ones included in Metasploit.
• Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336* registered at the beginning of the month.
• Use your HIPS to block any possible buffer overflow in your system."
> Last: http://www.php.net/archive/2012.php#id2012-05-08-1
PHP 5.4 (5.4.3) Code Execution (Win32)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2376 - 10.0 (HIGH)
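A way to check a host against the first mitigation and the build named in the advisory, as an added example that is not part of the original post or of the PHP project. The function names, finding labels and sample php.ini fragments are constructed for illustration; the parser is deliberately small and does not handle `;` inside quoted values.

```python
import re

def ini_value(ini_text, key):
    """Last effective assignment of `key` in php.ini text, or None if unset."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line or line.startswith("["):     # blank line or [section] header
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:          # directive names are case-sensitive
            value = val.strip().strip("\"'")     # later assignments override earlier ones
    return value

def ini_bool(value, default):
    """Interpret a php.ini boolean: on/yes/true or a non-zero integer is true."""
    if value is None:
        return default
    v = value.strip().lower()
    if v in ("on", "yes", "true"):
        return True
    m = re.match(r"[+-]?\d+", v)
    return bool(m) and int(m.group()) != 0

def assess(php_version, os_family, ini_text):
    """Return findings for one host (labels are hypothetical, not a standard)."""
    findings = []
    # The advisory names PHP 5.4.3 on Windows; PHP_OS reports "WINNT" there.
    if php_version == "5.4.3" and os_family.lower().startswith("win"):
        findings.append("advisory-build")
    # file_uploads defaults to on when php.ini does not set it, so a
    # commented-out "Off" line still leaves uploads enabled.
    if ini_bool(ini_value(ini_text, "file_uploads"), default=True):
        findings.append("file-uploads-enabled")
    return findings

# Constructed sample: the directive is commented out, so the default (on) applies.
SAMPLE_COMMENTED = "[PHP]\n;file_uploads = Off\nupload_max_filesize = 2M\n"
# Constructed sample: the last assignment wins and turns uploads off.
SAMPLE_HARDENED = "[PHP]\nfile_uploads = On\nfile_uploads = Off ; disabled for now\n"

if __name__ == "__main__":
    print(assess("5.4.3", "WINNT", SAMPLE_COMMENTED))
    print(assess("5.4.3", "WINNT", SAMPLE_HARDENED))
```

Feed it the version and OS strings reported by the PHP build under review and the contents of the php.ini that build actually loads.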