Vulnerability identifier: #VU525
Vulnerability risk: High
Exploitation vector: Local
Exploit availability: No
Vendor: PHP Group
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Vulnerable software versions
PHP: 7.0.11, 5.6.26
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?