Amazon Linux AMI update for php70
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2016-10168 CVE-2016-7479 CVE-2016-10161 CVE-2016-10160 CVE-2016-10162 CVE-2016-10158 CVE-2016-10159 CVE-2016-10167 CVE-2017-5340 |
| CWE-ID | CWE-190 CWE-416 CWE-126 CWE-193 CWE-476 CWE-682 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU7576
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10168
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.
The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free error
EUVDB-ID: #VU12900
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-7479
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to resizing the 'properties' hash table of a serialized object during the unserialization process. A remote attacker can trigger use-after-free error and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Buffer over-read
EUVDB-ID: #VU12908
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10161
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the object_common1 function in ext/standard/var_unserializer.c due to buffer over-read. A remote attacker can submit specially crafted serialized data that is mishandled in a finish_nested_data call and cause the service to crash.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Off-by-one error
EUVDB-ID: #VU12907
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10160
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to off-by-one error. A remote attacker can submit a specially crafted PHAR archive with an alias mismatch and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU12909
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10162
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the php_wddx_pop_element function in ext/wddx/wddx.c due to NULL pointer dereference. A remote attacker can submit an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call, and cause the service to crash.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Incorrect calculation
EUVDB-ID: #VU12905
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10158
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the exif_convert_any_to_int function in ext/exif/exif.c due to numeric errors. A remote attacker can submit specially crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1 and cause the service to crash.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU12906
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10159
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to integer overflow. A remote attacker can submit a truncated manifest entry in a PHAR archive and cause the service to crash.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU7575
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10167
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing images in gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash the application, using the affected library.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Integer overflow
EUVDB-ID: #VU12910
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5340
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in zend/zend_hash.c due to mishandling certain cases that require large array allocations. A remote attacker can submit specially crafted serialized data and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
i686:Vulnerable software versions
php70-common-7.0.16-1.21.amzn1.i686
php70-7.0.16-1.21.amzn1.i686
php70-bcmath-7.0.16-1.21.amzn1.i686
php70-zip-7.0.16-1.21.amzn1.i686
php70-xml-7.0.16-1.21.amzn1.i686
php70-gmp-7.0.16-1.21.amzn1.i686
php70-ldap-7.0.16-1.21.amzn1.i686
php70-pdo-dblib-7.0.16-1.21.amzn1.i686
php70-gd-7.0.16-1.21.amzn1.i686
php70-mysqlnd-7.0.16-1.21.amzn1.i686
php70-embedded-7.0.16-1.21.amzn1.i686
php70-opcache-7.0.16-1.21.amzn1.i686
php70-tidy-7.0.16-1.21.amzn1.i686
php70-intl-7.0.16-1.21.amzn1.i686
php70-process-7.0.16-1.21.amzn1.i686
php70-soap-7.0.16-1.21.amzn1.i686
php70-imap-7.0.16-1.21.amzn1.i686
php70-pdo-7.0.16-1.21.amzn1.i686
php70-mcrypt-7.0.16-1.21.amzn1.i686
php70-mbstring-7.0.16-1.21.amzn1.i686
php70-fpm-7.0.16-1.21.amzn1.i686
php70-dba-7.0.16-1.21.amzn1.i686
php70-cli-7.0.16-1.21.amzn1.i686
php70-pspell-7.0.16-1.21.amzn1.i686
php70-dbg-7.0.16-1.21.amzn1.i686
php70-pgsql-7.0.16-1.21.amzn1.i686
php70-recode-7.0.16-1.21.amzn1.i686
php70-xmlrpc-7.0.16-1.21.amzn1.i686
php70-debuginfo-7.0.16-1.21.amzn1.i686
php70-enchant-7.0.16-1.21.amzn1.i686
php70-devel-7.0.16-1.21.amzn1.i686
php70-json-7.0.16-1.21.amzn1.i686
php70-snmp-7.0.16-1.21.amzn1.i686
php70-odbc-7.0.16-1.21.amzn1.i686
src:
php70-7.0.16-1.21.amzn1.src
x86_64:
php70-process-7.0.16-1.21.amzn1.x86_64
php70-opcache-7.0.16-1.21.amzn1.x86_64
php70-xml-7.0.16-1.21.amzn1.x86_64
php70-xmlrpc-7.0.16-1.21.amzn1.x86_64
php70-cli-7.0.16-1.21.amzn1.x86_64
php70-intl-7.0.16-1.21.amzn1.x86_64
php70-tidy-7.0.16-1.21.amzn1.x86_64
php70-common-7.0.16-1.21.amzn1.x86_64
php70-bcmath-7.0.16-1.21.amzn1.x86_64
php70-zip-7.0.16-1.21.amzn1.x86_64
php70-gd-7.0.16-1.21.amzn1.x86_64
php70-pspell-7.0.16-1.21.amzn1.x86_64
php70-ldap-7.0.16-1.21.amzn1.x86_64
php70-pdo-7.0.16-1.21.amzn1.x86_64
php70-snmp-7.0.16-1.21.amzn1.x86_64
php70-mbstring-7.0.16-1.21.amzn1.x86_64
php70-soap-7.0.16-1.21.amzn1.x86_64
php70-mcrypt-7.0.16-1.21.amzn1.x86_64
php70-recode-7.0.16-1.21.amzn1.x86_64
php70-json-7.0.16-1.21.amzn1.x86_64
php70-dbg-7.0.16-1.21.amzn1.x86_64
php70-odbc-7.0.16-1.21.amzn1.x86_64
php70-gmp-7.0.16-1.21.amzn1.x86_64
php70-7.0.16-1.21.amzn1.x86_64
php70-fpm-7.0.16-1.21.amzn1.x86_64
php70-dba-7.0.16-1.21.amzn1.x86_64
php70-pgsql-7.0.16-1.21.amzn1.x86_64
php70-mysqlnd-7.0.16-1.21.amzn1.x86_64
php70-pdo-dblib-7.0.16-1.21.amzn1.x86_64
php70-debuginfo-7.0.16-1.21.amzn1.x86_64
php70-imap-7.0.16-1.21.amzn1.x86_64
php70-devel-7.0.16-1.21.amzn1.x86_64
php70-enchant-7.0.16-1.21.amzn1.x86_64
php70-embedded-7.0.16-1.21.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-812.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
