This application requires Javascript for optimal performance.

PHP.ZIP.URL.Wrapper.Buffer.Overflow

Release Date

Jan 05, 2010

Severity

high

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attack attempt against a buffer-overflow vulnerability in the PHP library.

The vulnerability is caused by an error when the vulnerable software handles a malicious zip url. It allows a remote attacker to execute arbitrary code via sending a crafted PHP file.

Affected Products

PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3

Recommended Actions

Upgrade to the latest version, available from the following web site:
http://www.php.net/downloads.php

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2007-1399

Reference/s

http://www.php-security.org/MOPB/MOPB-16-2007.html
http://www.securityfocus.com/bid/22883 (BugTraq)

Reference: VID-18068