CVE-2016-10034 Zend-Mail Remote Code Execution Vulnerability

Zend-Mail is a code library used to send emails safely and easily via PHP code from a web server.

A critical vulnerability exists in Zend-Mail that could be exploited by unauthenticated remote attackers to execute arbitrary code on the target in the context of web server user.

Affected Versions:
Zend-mail Component versions prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2
Zend-mail Framework versions prior to 2.4.11

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the target system.

Refer to Zend-Mail advisory ZF2016-04 for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ZF2016-04