Description
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)
Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2016-0736)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.2.1)
Oracle Database Server CVE-2009-2001 Vulnerability (CVE-2009-2001)
Oracle Database Server CVE-2009-1007 Vulnerability (CVE-2009-1007)