[VIM] CVE-2007-1375 additional vector?
security curmudgeon
jericho at attrition.org
Wed May 16 03:18:02 UTC 2007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1375
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier
allows context-dependent attackers to read sensitive memory via a large
value in the length argument, a different vulnerability than
CVE-2006-1991.
--
This is based on MOPB-14-2007 which covers substr_compare. The PHP
changelog however, says:
- Fixed substr_compare and substr_count information leak (MOPB-14 by
Stefan Esser) (Stas, Ilia)
So the mention of substr_count is new and would be a new vector.
More information about the VIM
mailing list