Author: www.80vul.com [Email: saiy1986@gmail.com] Release Date: 2010/7/10 References: http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm Zend Studio is a commercial, proprietary integrated development environment (IDE) for PHP developed by Zend Technologies, based on the PHP Development Tools (PDT) plugin for the Eclipse platform (the PDT project is led by Zend). We found a security bug of it in Zend studio [version >6.0], the description of a function of php script does'nt be escaped or htmlencode, so it lead to can be exploited to execute arbitrary HTML and script code what the attacker inject evil codz on function&#65533; description. And this vul is a &#65533;ross-Zone Scripting&#65533;vul, so Successful exploitation allows execution of arbitrary code in user&#65533; system. DEMO: <?php /** * <script>new ActiveXObject("WScript.shell").Run('calc.exe',1,true);</script>"); */ function a() { } Then Open the function a()&#65533; description [type a word "a" or move your mouse on it] ,the calc.exe well be run. Disclosure Timeline: 2009/07/08 - Found this Vulnerability 2009/07/10 - Public Disclosure -- hitest