Summary
PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits.
Attackers may be able to exploit these issues to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
These issues affect PHP versions prior to 4.4.5 and 5.2.1 running on 64-bit computers.
Solution
The vendor released versions 5.2.1 and 4.4.5 to address these issues.
Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2007-1884
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P