[VIM] CVE-2007-1375 additional vector?

security curmudgeon jericho at attrition.org
Wed May 16 03:18:02 UTC 2007


Integer overflow in the substr_compare function in PHP 5.2.1 and earlier 
allows context-dependent attackers to read sensitive memory via a large 
value in the length argument, a different vulnerability than 


This is based on MOPB-14-2007 which covers substr_compare. The PHP 
changelog however, says:

  - Fixed substr_compare and substr_count information leak (MOPB-14 by
    Stefan Esser) (Stas, Ilia)

So the mention of substr_count is new and would be a new vector.

More information about the VIM mailing list