Vulnerability CVE-2012-2376 - CERT Civis.Net

Vulnerability Name:

CVE-2012-2376 (CCN-75778)

Assigned:

2012-05-11

Published:

2012-05-11

Updated:

2017-08-29

Summary:

Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
9.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2012-2376

Source: MISC
Type: UNKNOWN
http://isc.sans.edu/diary.html?storyid=13255

Source: MLIST
Type: UNKNOWN
[oss-security] 20120519 Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)

Source: EXPLOIT-DB
Type: Exploit
18861

Source: CCN
Type: OSVDB ID: 82263
PHP com_print_typeinfo Function Crafted Argument Local Overflow

Source: CCN
Type: PHP Web site
PHP

Source: CCN
Type: BID-53621
PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027089

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=823464

Source: XF
Type: UNKNOWN
php-comprinttypeinfo-function-dos(75778)

Source: XF
Type: UNKNOWN
php-comprinttypeinfo-function-dos(75778)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-11-2012]

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.15:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.4.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.4.3)

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.4.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.precise:def:20122376000	V	CVE-2012-2376 on Ubuntu 12.04 LTS (precise) - medium.	2012-05-21