CyberSec.Space Logo
返回 CVE 浏览器

CVE-2012-2376

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile35.21th
Published2012年5月21日
Last Modified2026年4月29日

Vulnerability Description

Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.

Affected Platforms (CPE)

📦
Php

Php

<= 5.4.3
📦
Php

Php

= 1.0
📦
Php

Php

= 2.0
📦
Php

Php

= 2.0b10
📦
Php

Php

= 3.0
📦
Php

Php

= 3.0.1
📦
Php

Php

= 3.0.2
📦
Php

Php

= 3.0.3
📦
Php

Php

= 3.0.4
📦
Php

Php

= 3.0.5
📦
Php

Php

= 3.0.6
📦
Php

Php

= 3.0.7
📦
Php

Php

= 3.0.8
📦
Php

Php

= 3.0.9
📦
Php

Php

= 3.0.10
📦
Php

Php

= 3.0.11
📦
Php

Php

= 3.0.12
📦
Php

Php

= 3.0.13
📦
Php

Php

= 3.0.14
📦
Php

Php

= 3.0.15
📦
Php

Php

= 3.0.16
📦
Php

Php

= 3.0.17
📦
Php

Php

= 3.0.18
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0.0
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.2
📦
Php

Php

= 4.0.3
📦
Php

Php

= 4.0.4
📦
Php

Php

= 4.0.5
📦
Php

Php

= 4.0.6
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.1.0
📦
Php

Php

= 4.1.1
📦
Php

Php

= 4.1.2
📦
Php

Php

= 4.2.0
📦
Php

Php

= 4.2.1
📦
Php

Php

= 4.2.2
📦
Php

Php

= 4.2.3
📦
Php

Php

= 4.3.0
📦
Php

Php

= 4.3.1
📦
Php

Php

= 4.3.2
📦
Php

Php

= 4.3.3
📦
Php

Php

= 4.3.4
📦
Php

Php

= 4.3.5
📦
Php

Php

= 4.3.6
📦
Php

Php

= 4.3.7
📦
Php

Php

= 4.3.8
📦
Php

Php

= 4.3.9
📦
Php

Php

= 4.3.10
📦
Php

Php

= 4.3.11
📦
Php

Php

= 4.4.0
📦
Php

Php

= 4.4.1
📦
Php

Php

= 4.4.2
📦
Php

Php

= 4.4.3
📦
Php

Php

= 4.4.4
📦
Php

Php

= 4.4.5
📦
Php

Php

= 4.4.6
📦
Php

Php

= 4.4.7
📦
Php

Php

= 4.4.8
📦
Php

Php

= 4.4.9
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.1
📦
Php

Php

= 5.0.2
📦
Php

Php

= 5.0.3
📦
Php

Php

= 5.0.4
📦
Php

Php

= 5.0.5
📦
Php

Php

= 5.1.0
📦
Php

Php

= 5.1.1
📦
Php

Php

= 5.1.2
📦
Php

Php

= 5.1.3
📦
Php

Php

= 5.1.4
📦
Php

Php

= 5.1.5
📦
Php

Php

= 5.1.6
📦
Php

Php

= 5.2.0
📦
Php

Php

= 5.2.1
📦
Php

Php

= 5.2.2
📦
Php

Php

= 5.2.3
📦
Php

Php

= 5.2.4
📦
Php

Php

= 5.2.5
📦
Php

Php

= 5.2.6
📦
Php

Php

= 5.2.7
📦
Php

Php

= 5.2.8
📦
Php

Php

= 5.2.9
📦
Php

Php

= 5.2.10
📦
Php

Php

= 5.2.11
📦
Php

Php

= 5.2.12
📦
Php

Php

= 5.2.13
📦
Php

Php

= 5.2.14
📦
Php

Php

= 5.2.15
📦
Php

Php

= 5.2.16
📦
Php

Php

= 5.2.17
📦
Php

Php

= 5.3.0
📦
Php

Php

= 5.3.1
📦
Php

Php

= 5.3.2
📦
Php

Php

= 5.3.3
📦
Php

Php

= 5.3.4
📦
Php

Php

= 5.3.5
📦
Php

Php

= 5.3.6
📦
Php

Php

= 5.3.7
📦
Php

Php

= 5.3.8
📦
Php

Php

= 5.3.9
📦
Php

Php

= 5.4.0
📦
Php

Php

= 5.4.1
📦
Php

Php

= 5.4.2

References & Advisories

🔗 http://isc.sans.edu/diary.html?storyid=13255
🔗 http://openwall.com/lists/oss-security/2012/05/20/2
🔗 http://www.exploit-db.com/exploits/18861/
🔗 http://www.securitytracker.com/id?1027089
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=823464
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/75778
🔗 http://isc.sans.edu/diary.html?storyid=13255
🔗 http://openwall.com/lists/oss-security/2012/05/20/2

相关漏洞威胁

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-896710.0

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO...

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...