Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5653

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5653
Last Modified 07 Mar 2011 10:01:05
Published 23 Oct 2007 05:47:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5653

Summary

The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.

Vulnerable Systems

Application

  • Php 5.2.4


References

VUPEN - ADV-2007-3590

MILW0RM - 4553

XF - php-com-security-bypass(37368)

SECUNIA - 27280


Last Updated: 27 May 2016 10:46:14