CVE-2007-4507 - Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attacker

CVE-2007-4507

Summary

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.

References

https://www.exploit-db.com/exploits/4304

Vulnerable Configurations

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

exploit-db

4304

statements via4

contributor	Mark J Cox
lastmodified	2007-08-24
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1.

Last major update

29-09-2017 - 01:29

Published

23-08-2007 - 19:17

Last modified

29-09-2017 - 01:29