Release date:
Updated on:
Affected Systems:
PHP <5.4.5
PHP <5.3.15
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54638
CVE id: CVE-2012-2688
PHP is a server-side scripting language that is embedded in HTML documents. It is similar to Microsoft's ASP, its syntax resembles the C language, and it is widely used by website programmers.
The _php_stream_scandir function in PHP versions earlier than 5.3.15 and 5.4.5 has a buffer overflow vulnerability in the stream implementation. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected Web server.
<* Source: vendor
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.php.net
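
Added example (not part of the original advisory or the vendor's material): a shell function that classifies a PHP version string against the affected ranges listed above, treating 5.3 and 5.4 as separate branches. The function name, the status words and the sample version strings are constructed for illustration; a vendor-packaged build with an older upstream number may already carry a backported fix, so such strings are reported as check-backport.

```shell
#!/bin/sh
# Added example: classify a PHP version against this advisory's ranges
# (PHP < 5.3.15, and on the 5.4 branch PHP < 5.4.5).
# Prints one of: affected | fixed | check-backport | unknown
php_scandir_status() {
    ver=$1
    # Keep the upstream X.Y.Z part; anything after it is a suffix.
    core=$(printf '%s\n' "$ver" |
        sed -n 's/^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*$/\1/p')
    if [ -z "$core" ]; then
        echo unknown
        return 0
    fi
    suffix=${ver#"$core"}
    # Pre-release builds cannot be placed relative to the fixed release.
    case $suffix in
        *[Rr][Cc]*|*alpha*|*beta*|*dev*) echo unknown; return 0 ;;
    esac
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    # Numeric comparison per field, so 5.3.9 sorts below 5.3.15.
    if [ "$major" -lt 5 ]; then state=affected
    elif [ "$major" -gt 5 ]; then state=fixed
    elif [ "$minor" -lt 3 ]; then state=affected
    elif [ "$minor" -eq 3 ] && [ "$patch" -lt 15 ]; then state=affected
    elif [ "$minor" -eq 4 ] && [ "$patch" -lt 5 ]; then state=affected
    else state=fixed
    fi
    # A packaging suffix means the vendor may have backported the fix;
    # the upstream number alone cannot confirm either way.
    if [ "$state" = affected ] && [ -n "$suffix" ]; then
        state=check-backport
    fi
    echo "$state"
}

# Constructed sample version strings, not taken from real hosts.
for v in 5.2.17 5.3.9 5.3.15 5.4.4 5.4.5 5.4.4-14+deb7u14 5.4.5RC1; do
    printf '%-20s %s\n' "$v" "$(php_scandir_status "$v")"
done
```

On a live host, pass the output of `php -r 'echo PHP_VERSION;'` to the function.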