Lumension® Endpoint Intelligence Center



Vulnerability Score: 4.3
CVE Id: CVE-2007-4528
Last Modified: 05 Sep 2008 05:28:27
Published: 24 Aug 2007 08:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE



The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.

Vulnerable Systems


  • PHP 5.0.5


MILW0RM - 4311

Last Updated: 27 May 2016 10:45:53