PROBLEM:
PHP "php_register_variable_ex()" Code Execution Vulnerability
PLATFORM:
PHP 5.3.x
ABSTRACT:
Execution of arbitrary code via network as well as user access via network
reference LINKS:
PHP Security Archive
SecurityTracker Alert ID: 1026631
Secunia Advisory SA47806
CVE-2012-0830
IMPACT ASSESSMENT:
High
Discussion:
A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.
Impact:
A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system. The code will run with the privileges of the target service.
Solution:
The vendor has issued a fix (5.3.10)