CVE-2007-1381
PHP - Memory Corruption
Title source: ruleDescription
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Esser · phpdosmultiple
https://www.exploit-db.com/exploits/3404
References (4)
Scores
EPSS: 0.0473
EPSS Percentile: 89.4%
Details
CWE: CWE-119
Status: published
Products (1): php/php 5.0.0
Published: Mar 10, 2007
Tracked Since: Feb 18, 2026