Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts.