PHP XML Handling Heap Buffer Overflow Vulnerability July13 (Windows) Network Vulnerability

Summary

This host is running PHP and is prone to heap based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to PHP version 5.3.27 or later, For updates refer to http://php.net/

Insight

The flaw is triggered as user-supplied input is not properly validated when handling malformed XML input.

Affected

PHP version prior to 5.3.27

Detection

Get the installed version of PHP with the help of detect NVT and check it is vulnerable or not.

References

http://php.net/ChangeLog-5.php
http://seclists.org/bugtraq/2013/Jul/106
http://seclists.org/oss-sec/2013/q3/88
http://www.osvdb.org/95152
https://bugs.php.net/bug.php?id=65236

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4113

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari 'background' Remote Denial Of Service Vulnerability
CA Gateway Security Remote Code Execution Vulnerability
Apple Mac OS X Authentication Bypass Vulnerability
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)

Take action and discover your vulnerabilities