CVSSv2: 7.5

CVE-2006-0097

Published: 06/01/2006 Updated: 19/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x prior to 4.4.3 for Windows allows malicious users to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

Vulnerable Products

php php 4.3.10
php php 4.4.0
php php 4.4.1
php php 4.4.2

Exploits

<?php /* This exploit was designed to work with PHP versions 4.3.10 and 4.4.0 under Windows XP SP 1. If another operating system is used, the replacement EIP must be changed. The replacement EIP is written 261 bytes into our string. For this exploit, I used a CALL ESI from ws2_32.dll from Windows XP SP1. The replacement ESI is simply the base ...