PHP 5.4 Remote Exploit PoC in the wild

There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port.

The exploit can be found here:
http://www.exploit-db.com/exploits/18861/

Since there is no patch available for this vulnerability yet, you might want to do the following:
  • Block any file upload function in your php applications to avoid risks of exploit code execution.
  • Use your IPS to filter known shellcodes like the ones included in metasploit.
  • Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336 registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow in your system.
Reference:
isc.sans.edu
    Category: / /

    Share this with Your friends: