CyberSec.Space Logo
Back to CVE Browser

CVE-2012-2376

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile35.21th
PublishedMay 21, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.

Affected Platforms (CPE)

📦
Php

Php

<= 5.4.3
📦
Php

Php

= 1.0
📦
Php

Php

= 2.0
📦
Php

Php

= 2.0b10
📦
Php

Php

= 3.0
📦
Php

Php

= 3.0.1
📦
Php

Php

= 3.0.2
📦
Php

Php

= 3.0.3
📦
Php

Php

= 3.0.4
📦
Php

Php

= 3.0.5
📦
Php

Php

= 3.0.6
📦
Php

Php

= 3.0.7
📦
Php

Php

= 3.0.8
📦
Php

Php

= 3.0.9
📦
Php

Php

= 3.0.10
📦
Php

Php

= 3.0.11
📦
Php

Php

= 3.0.12
📦
Php

Php

= 3.0.13
📦
Php

Php

= 3.0.14
📦
Php

Php

= 3.0.15
📦
Php

Php

= 3.0.16
📦
Php

Php

= 3.0.17
📦
Php

Php

= 3.0.18
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0.0
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.2
📦
Php

Php

= 4.0.3
📦
Php

Php

= 4.0.4
📦
Php

Php

= 4.0.5
📦
Php

Php

= 4.0.6
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.1.0
📦
Php

Php

= 4.1.1
📦
Php

Php

= 4.1.2
📦
Php

Php

= 4.2.0
📦
Php

Php

= 4.2.1
📦
Php

Php

= 4.2.2
📦
Php

Php

= 4.2.3
📦
Php

Php

= 4.3.0
📦
Php

Php

= 4.3.1
📦
Php

Php

= 4.3.2
📦
Php

Php

= 4.3.3
📦
Php

Php

= 4.3.4
📦
Php

Php

= 4.3.5
📦
Php

Php

= 4.3.6
📦
Php

Php

= 4.3.7
📦
Php

Php

= 4.3.8
📦
Php

Php

= 4.3.9
📦
Php

Php

= 4.3.10
📦
Php

Php

= 4.3.11
📦
Php

Php

= 4.4.0
📦
Php

Php

= 4.4.1
📦
Php

Php

= 4.4.2
📦
Php

Php

= 4.4.3
📦
Php

Php

= 4.4.4
📦
Php

Php

= 4.4.5
📦
Php

Php

= 4.4.6
📦
Php

Php

= 4.4.7
📦
Php

Php

= 4.4.8
📦
Php

Php

= 4.4.9
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.1
📦
Php

Php

= 5.0.2
📦
Php

Php

= 5.0.3
📦
Php

Php

= 5.0.4
📦
Php

Php

= 5.0.5
📦
Php

Php

= 5.1.0
📦
Php

Php

= 5.1.1
📦
Php

Php

= 5.1.2
📦
Php

Php

= 5.1.3
📦
Php

Php

= 5.1.4
📦
Php

Php

= 5.1.5
📦
Php

Php

= 5.1.6
📦
Php

Php

= 5.2.0
📦
Php

Php

= 5.2.1
📦
Php

Php

= 5.2.2
📦
Php

Php

= 5.2.3
📦
Php

Php

= 5.2.4
📦
Php

Php

= 5.2.5
📦
Php

Php

= 5.2.6
📦
Php

Php

= 5.2.7
📦
Php

Php

= 5.2.8
📦
Php

Php

= 5.2.9
📦
Php

Php

= 5.2.10
📦
Php

Php

= 5.2.11
📦
Php

Php

= 5.2.12
📦
Php

Php

= 5.2.13
📦
Php

Php

= 5.2.14
📦
Php

Php

= 5.2.15
📦
Php

Php

= 5.2.16
📦
Php

Php

= 5.2.17
📦
Php

Php

= 5.3.0
📦
Php

Php

= 5.3.1
📦
Php

Php

= 5.3.2
📦
Php

Php

= 5.3.3
📦
Php

Php

= 5.3.4
📦
Php

Php

= 5.3.5
📦
Php

Php

= 5.3.6
📦
Php

Php

= 5.3.7
📦
Php

Php

= 5.3.8
📦
Php

Php

= 5.3.9
📦
Php

Php

= 5.4.0
📦
Php

Php

= 5.4.1
📦
Php

Php

= 5.4.2

References & Advisories

🔗 http://isc.sans.edu/diary.html?storyid=13255
🔗 http://openwall.com/lists/oss-security/2012/05/20/2
🔗 http://www.exploit-db.com/exploits/18861/
🔗 http://www.securitytracker.com/id?1027089
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=823464
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/75778
🔗 http://isc.sans.edu/diary.html?storyid=13255
🔗 http://openwall.com/lists/oss-security/2012/05/20/2

Related Vulnerabilities

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-896710.0

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO...

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...