Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 2

Remote code execution in PHP
CVE-2012-2376

Buffer overflow

The vulnerability allows a remote attacker to cause DoS conditions or execute arbitrary code on the target system.

The weakness exists due to a buffer overflow in the com_print_typeinfo function. A remote attacker can send specially crafted arguments, trigger incorrect handling of COM object VARIANT types, and cause the target application to crash or execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The bug in Variant type parsing was originally discovered by Condis. There is evidence this vulnerability was being exploited in the wild before the official patch release.

Software: PHP

Known/famous malware:

Trojan.Filecoder

Remote command injection in PHP
CVE-2012-2311

OS command injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when parsing QUERY_STRING parameters within PHP-CGI-based applications (sapi/cgi/cgi_main.c). A remote attacker can send a specially crafted HTTP request with a query string that contains a %3D sequence but no = (equals sign) character, and inject and execute arbitrary OS commands on the vulnerable system with the privileges of the web server.

Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.

This vulnerability is a result of an incomplete fix for SB2012050301.

Note: the vulnerability was being actively exploited.

Also known as CVE-2012-1823. The patch for the original vulnerability CVE-2012-1823 was accidentally disclosed before the official release, but it did not fix the issue. The vulnerability became widely discussed in public and was used in real-world attacks. It took several days for the developers to issue a proper security patch.

The vulnerability was being exploited by a Linux worm (Linux.Darlloz) in 2013 to target Internet of Things (IoT) devices.

Software: PHP

Known/famous malware:

Linux.Darlloz