PHP Zip_Entry_Read() Integer Overflow Vulnerability Network Vulnerability

Summary

PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a heap-based buffer overflow. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects versions prior to PHP 4.4.5.

Solution

Reports indicate that PHP 4.4.5 addresses this issue. Please contact the vendor for more information.

References

http://www.php-security.org/MOPB/MOPB-35-2007.html
http://www.php.net/
http://www.securityfocus.com/bid/23169

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1777

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Avenger's News System Command Execution
Apache Struts2 Redirection and Security Bypass Vulnerabilities
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
Admin News Tools Multiple Vulnerabilities

Take action and discover your vulnerabilities