[VIM] CVE-2007-1375 additional vector?
jericho at attrition.org
Wed May 16 03:18:02 UTC 2007
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier
allows context-dependent attackers to read sensitive memory via a large
value in the length argument, a different vulnerability than
This is based on MOPB-14-2007 which covers substr_compare. The PHP
changelog however, says:
- Fixed substr_compare and substr_count information leak (MOPB-14 by
Stefan Esser) (Stas, Ilia)
So the mention of substr_count is new and would be a new vector.
More information about the VIM