There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port.
The exploit can be found here:
http://www.exploit-db.com/exploits/18861/
Since there is no patch available for this vulnerability yet, you might want to do the following:
isc.sans.edu
The exploit can be found here:
http://www.exploit-db.com/exploits/18861/
Since there is no patch available for this vulnerability yet, you might want to do the following:
- Block any file upload function in your php applications to avoid risks of exploit code execution.
- Use your IPS to filter known shellcodes like the ones included in metasploit.
- Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336 registered at the beginning of the month.
- Use your HIPS to block any possible buffer overflow in your system.
isc.sans.edu