| Dragonsoft Vuln ID: 2829 | Name: PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities |
| CVE References: CVE-2006-5465 (cve.mitre.org, nvd.nist.gov)  |
| SANS/FBI TOP20 Reference: |
| Group/Family: Web Servers |
| Risk: High |
| TC Impact: n/a | Service: n/a | Vuln Impact: Gain System Privileges |
| Access Vector: Remote | Access Complexity: | Authentication: |
Description: PHP versions before 5.2.0 contain buffer overflow vulnerabilities in the htmlentities() and htmlspecialchars() HTML entity encoding functions. A remote attacker could execute arbitrary code on the system by sending specially crafted UTF-8 characters to these functions.
Affected OS: Windows, UNIX |
| Remediation:
Refer to The PHP Group Web site ("PHP: Downloads" link) and upgrade to PHP 5.2.0 or a later version. |
| Created: 2007-03-07 19:27:32 | Last Changed: 2007-04-27 15:26:56 |