Summary
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer-overflow and corrupt process memory.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects versions prior to PHP 4.4.5 and 5.2.1.
Solution
The vendor released PHP 4.4.5 and 5.2.1 to address this issue. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2007-1885, CVE-2007-1886 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- 68designs 68kb Multiple Remote File Include Vulnerabilities
- Baby Gekko CMS Multiple Vulnerabilities
- Artmedic Kleinanzeigen File Inclusion Vulnerability
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution