CVE-2007-4507

PHP 5.2.3 - Buffer Overflow in php_ntuser Functions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4507. PoCs published by shinnai.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow in PHP 5.2.3's `ntuser_getuserlist()` function, allowing control over EIP, ESP, and EBP registers. The PoC uses a crafted buffer to trigger the overflow, potentially leading to arbitrary code execution.

Description

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · phpdoswindows

https://www.exploit-db.com/exploits/4304

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow in PHP 5.2.3's `ntuser_getuserlist()` function, allowing control over EIP, ESP, and EBP registers. The PoC uses a crafted buffer to trigger the overflow, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: PHP 5.2.3

No auth needed

Prerequisites: Local access to the target system · PHP 5.2.3 with vulnerable `ntuser` extension enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4304

Scores

EPSS 0.0583

EPSS Percentile 92.2%

Details

Status published

Products (1)

php/php 5.2.3

Published Aug 23, 2007

Tracked Since Feb 18, 2026