CVE-2017-5358
Published 2017-03-15
Priority: P266 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 12.15% (95.6th percentile)
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allow remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easycom-aura | easycom_for_php | — | — |
Detection & IOCs (extracted from sources)
- Detect SEH chain corruption as an indicator of exploitation; a corrupted SEH entry (e.g. 52525252 *** CORRUPT ENTRY ***) alongside an overwritten SE handler (42424242) signals active buffer overflow exploitation.
- The !exploitable classification of 'EXPLOITABLE - Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000000041414141' confirms user-mode DEP bypass is achievable; monitor for DEP violations in php.exe processes loading php_Easycom5_3_0.dll.
- The vulnerable functions are i5_connect, i5_pconnect, and i5_private_connect; the overflow is triggered via the 'server' argument to these API calls.
CVSS provenance
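| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |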
No detection rules found.
No writeups or analysis indexed.
References
- http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt
- http://packetstormsecurity.com/files/141299/EasyCom-AS400-PHP-API-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2017/Feb/60
- http://www.securityfocus.com/bid/96419
- https://www.exploit-db.com/exploits/41425/