CVE-2007-1401

PHP < 5.0.0 - Buffer Overflow in CrackLib crack_opendict Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1401. PoCs published by rgod.

AI-analyzed exploit summary: This exploit targets a local buffer overflow in the PHP crack extension (CVE-2007-1401) via the crack_opendict() function. It uses SEH overwrite and shellcode execution to spawn a command prompt and launch notepad on Windows 2000 SP3.

Description

Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by rgod · php · local · windows
https://www.exploit-db.com/exploits/3431

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHP 4.4.6 with crack extension
No auth needed
Prerequisites: PHP 4.4.6 with crack extension loaded · Windows 2000 SP3 environment
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3431
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2405
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462226/100/0/threaded

Scores

EPSS 0.0074
EPSS Percentile 49.9%

Details

Status: published
Products (1): php/php 4.4.6
Published: Mar 10, 2007
Tracked Since: Feb 18, 2026