• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP wordwrap() Heap Corruption Vulnerability

A vulnerability has been discovered in PHP. A buffer overflow has been found in the wordwrap() function which when trigger may cause heap corruption. Memory corrupted by issue may be later referenced by the calling web server.

It may be possible for a remote attacker to exploit this issue to overwrite an arbitrary word in memory. By redirecting program flow to point to malicious instructions it may be possible for an attacker to execute arbitrary commands with the privileges of the vulnerable web server.