Vulnerability identifier: #VU528
Vulnerability risk: High
Exploitation vector: Local
Exploit availability: No
Vendor: PHP Group
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Vulnerable software versions
PHP: 5.6.26, 7.0.11
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?