CVE-2007-1777

Severity

75%

Complexity

99%

Confidentiality

106%

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PHP

First reported 17 years ago

2007-03-30 01:19:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

PHP PHP 3.0

3.0

PHP PHP 3.0.1

3.0.1

PHP PHP 3.0.2

3.0.2

PHP PHP 3.0.3

3.0.3

PHP PHP 3.0.4

3.0.4

PHP PHP 3.0.5

3.0.5

PHP PHP 3.0.6

3.0.6

PHP PHP 3.0.7

3.0.7

PHP PHP 3.0.8

3.0.8

PHP PHP 3.0.9

3.0.9

PHP PHP 3.0.10

3.0.10

PHP PHP 3.0.11

3.0.11

PHP PHP 3.0.12

3.0.12

PHP PHP 3.0.13

3.0.13

PHP PHP 3.0.14

3.0.14

PHP PHP 3.0.15

3.0.15

PHP PHP 3.0.16

3.0.16

PHP PHP 3.0.17

3.0.17

PHP PHP 3.0.18

3.0.18

PHP PHP 4.0.0

4.0.0

PHP PHP 4.0.1

4.0.1

PHP PHP 4.0.2

4.0.2

PHP PHP 4.0.3

4.0.3

PHP PHP 4.0.4

4.0.4

PHP PHP 4.0.5

4.0.5

PHP PHP 4.0.6

4.0.6

PHP PHP 4.0.7

4.0.7

PHP 4.0.7 Release Candidate 1

4.0.7

PHP 4.0.7 Release Candidate 2

4.0.7

PHP 4.0.7 Release Candidate 3

4.0.7

PHP PHP 4.1.0

4.1.0

PHP PHP 4.1.1

4.1.1

PHP PHP 4.1.2

4.1.2

PHP PHP 4.2.0

4.2.0

PHP PHP 4.2.1

4.2.1

PHP PHP 4.2.2

4.2.2

PHP PHP 4.2.3

4.2.3

PHP PHP 4.3.0

4.3.0

PHP PHP 4.3.1

4.3.1

PHP PHP 4.3.2

4.3.2

PHP PHP 4.3.3

4.3.3

PHP PHP 4.3.4

4.3.4

PHP PHP 4.3.5

4.3.5

PHP PHP 4.3.6

4.3.6

PHP PHP 4.3.7

4.3.7

PHP PHP 4.3.8

4.3.8

PHP PHP 4.3.9

4.3.9

PHP PHP 4.3.10

4.3.10

PHP PHP 4.3.11

4.3.11

PHP PHP 4.4.0

4.4.0

PHP PHP 4.4.1

4.4.1

PHP PHP 4.4.2

4.4.2

PHP PHP 4.4.3

4.4.3

PHP PHP 4.4.4

4.4.4

References

25025

25062

DSA-1282

DSA-1283

MDVSA-2008:130

http://www.php-security.org/MOPB/MOPB-35-2007.html

Exploit, Vendor Advisory

23169

Exploit

php-zipreadentry-bo(33652)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.