PHP EXIF Header Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service. Impact Level: Application

Solution

Upgrade to PHP version 5.4.0 beta 4 or later. For updates refer to http://www.php.net/downloads.php

Insight

The flaw is due to an integer overflow error in 'exif_process_IFD_TAG' function in the 'ext/exif/exif.c' file, Allows remote attackers to cause denial of service via crafted offset_val value in an EXIF header.

Affected

PHP version 5.4.0 beta 2 on windows.

References

http://olex.openlogic.com/wazi/2011/php-5-4-0-medium/
https://bugs.php.net/bug.php?id=60150
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4566

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4566
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

Related Vulnerabilities

Asterisk RTP Text Frames Denial Of Service Vulnerability
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
Apache Connection Blocking Denial of Service
Connect back to SOCKS5 server
Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability

PHP EXIF Header Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities