Description
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.
Remediation
References
Related Vulnerabilities
MySQL CVE-2024-21050 Vulnerability (CVE-2024-21050)
Oracle JRE CVE-2013-0442 Vulnerability (CVE-2013-0442)
OpenSSL Improper Certificate Validation Vulnerability (CVE-2021-3450)
WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8093)