7.5

CVE-2007-1777

Exploit
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version3.0
PhpPhp Version3.0.1
PhpPhp Version3.0.2
PhpPhp Version3.0.3
PhpPhp Version3.0.4
PhpPhp Version3.0.5
PhpPhp Version3.0.6
PhpPhp Version3.0.7
PhpPhp Version3.0.8
PhpPhp Version3.0.9
PhpPhp Version3.0.10
PhpPhp Version3.0.11
PhpPhp Version3.0.12
PhpPhp Version3.0.13
PhpPhp Version3.0.14
PhpPhp Version3.0.15
PhpPhp Version3.0.16
PhpPhp Version3.0.17
PhpPhp Version3.0.18
PhpPhp Version4.0.0
PhpPhp Version4.0.1
PhpPhp Version4.0.1 Updatepatch1
PhpPhp Version4.0.1 Updatepatch2
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.3 Updatepatch1
PhpPhp Version4.0.4
PhpPhp Version4.0.4 Updatepatch1
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.0.7 Updaterc1
PhpPhp Version4.0.7 Updaterc2
PhpPhp Version4.0.7 Updaterc3
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2 Editiondev
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.4
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version4.3.8
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version4.3.11
PhpPhp Version4.4.0
PhpPhp Version4.4.1
PhpPhp Version4.4.2
PhpPhp Version4.4.3
PhpPhp Version4.4.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.33% 0.964
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/25025
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://www.mandriva.com/security/advisories?name=MDVSA-2008:130
http://www.php-security.org/MOPB/MOPB-35-2007.html
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/23169
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/33652