Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=605641
http://secunia.com/advisories/40860
https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
http://support.apple.com/kb/HT4312
http://twitter.com/i0n1c/statuses/16373156076
Published: 2010-06-24
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High