Summary
The host is running PHP and is prone to Buffer Overflow vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary code via a crafted string containing an HTML entity.
Impact Level: Application
Solution
Upgrade to version 5.2.7 or later,
http://www.php.net/downloads.php
Insight
The flaw is due to error in mbfilter_htmlent.c file in the mbstring extension. These can be exploited via mb_convert_encoding, mb_check_encoding, mb_convert_variables, and mb_parse_str functions.
Affected
PHP version 4.3.0 to 5.2.6 on all running platform.
References
Severity
Classification
-
CVE CVE-2008-5557 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
- BigAntSoft BigAnt IM Message Server Multiple Vulnerabilities
- Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Mac OS X)
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)