CVE-2012-2376 Information

Description

Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.

Reference

http://isc.sans.edu/diary.html?storyid=13255
http://openwall.com/lists/oss-security/2012/05/20/2
http://www.exploit-db.com/exploits/18861/
http://www.securitytracker.com/id?1027089
https://bugzilla.redhat.com/show_bug.cgi?id=823464
https://exchange.xforce.ibmcloud.com/vulnerabilities/75778