CVE-2007-1411
PHP < 4.4.6 - Buffer Overflow via mssql_connect and mssql_pconnect Functions
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-1411. PoCs published by rgod.
AI-analyzed exploit summary
This exploit targets a buffer overflow vulnerability in PHP's mssql_connect() and mssql_pconnect() functions (CVE-2007-1411). It uses a crafted payload to overwrite SEH and execute arbitrary shellcode, launching 'notepad.exe' as a proof of concept.
Description
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.