Vulnerability Description
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.0.0 |
Related Weaknesses (CWE)
References
- http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.13&r2=1.11
- http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?revision=1.119.2.10.2.14&v
- http://www.osvdb.org/32775
- http://www.php-security.org/MOPB/MOPB-09-2007.htmlExploit
- http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.13&r2=1.11
- http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?revision=1.119.2.10.2.14&v
- http://www.osvdb.org/32775
- http://www.php-security.org/MOPB/MOPB-09-2007.htmlExploit
FAQ
What is CVE-2007-1381?
CVE-2007-1381 is a vulnerability with a CVSS score of 7.6 (HIGH). The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper a...
How severe is CVE-2007-1381?
CVE-2007-1381 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1381?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.