CVE-2007-1777
PHP 4 - Remote Code Execution via ZIP Archive Entry Length Overflow
Title source: manual
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-1777. PoCs published by Stefan Esser.
AI-analyzed exploit summary: This exploit targets an integer overflow vulnerability in PHP's zip_entry_read() function, leading to a heap-based buffer overflow. It manipulates memory by creating and unsetting arrays to trigger the overflow, potentially allowing arbitrary code execution.
Description
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
Exploits (1)
This exploit targets an integer overflow vulnerability in PHP's zip_entry_read() function, leading to a heap-based buffer overflow. It manipulates memory by creating and unsetting arrays to trigger the overflow, potentially allowing arbitrary code execution.