CVE-2007-1584

PHP 5.2.0 - Buffer Underflow via Header Function

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-1584. PoCs published by Stefan Esser.

AI-analyzed exploit summary: This exploit targets a buffer underflow vulnerability in PHP's header() function (CVE-2007-1584) to achieve remote code execution. It uses a PPC MacOSX reverse shell payload and leverages the substr_compare() vulnerability to calculate memory offsets dynamically.

Description

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stefan Esser · phplocalosx
https://www.exploit-db.com/exploits/3517

This exploit targets a buffer underflow vulnerability in PHP's header() function (CVE-2007-1584) to achieve remote code execution. It uses a PPC MacOSX reverse shell payload and leverages the substr_compare() vulnerability to calculate memory offsets dynamically.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: PHP (versions affected by CVE-2007-1584)
No auth needed
Prerequisites: PHP installation vulnerable to CVE-2007-1584 · Ability to send crafted HTTP headers to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Stefan Esser · phplocalosx
https://www.exploit-db.com/exploits/3460

This exploit targets a buffer underflow vulnerability in PHP's ext/filter module (CVE-2007-1584) to achieve remote code execution. It uses a PPC MacOSX reverse shell payload and leverages heap manipulation to overwrite memory addresses.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: PHP (ext/filter module)
No auth needed
Prerequisites: PHP with vulnerable ext/filter module · Ability to send crafted input to the PHP application
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3517
Vendor Advisory x_refsource_misc
http://www.php-security.org/MOPB/MOPB-25-2007.html

Scores

EPSS 0.0525
EPSS Percentile 91.5%

Details

Status published
Products (1)
php/php 5.2.0
Published Mar 21, 2007
Tracked Since Feb 18, 2026