BeyondTrust


Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


PHP Substr_Replace Memory Corruption

Disclosed March 13, 2011 | Fully Patched

Vulnerability Description:

PHP contains a use-after-free vulnerability in the substr_replace function. Successful exploitation could allow attackers to cause denial of service conditions and potentially execute arbitrary code.

Vendors:

PHP

Vulnerable Software/Devices:

PHP 5.3.6 and earlier.

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution

Server-Side Arbitrary Remote Code Execution: This server-side vulnerability could allow an attacker to gain the ability to remotely execute arbitrary code with the same privileges as the affected service.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 15107 - PHP Multiple Vulnerabilities (20110823)

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None