Info

Disclosure

Aug 20, 2012

Discovery

Unknown

Dates

Exploit

Aug 20, 2012

Solution

Unknown

Description

PHP contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the com_event_sink function in the Win Com module, which may allow a local attacker to gain escalated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Authentication Required

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

The PHP Group

PHP

5.3.4

References

Exploit Database: 21887
Other Advisory URL: http://www.garage4hackers.com/blogs/8/web-app-remote-code-execution-via-scripting-engines-part-1-local-exploits-php-0-day-394/
Vendor URL: http://www.php.net/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86823