Vulnerabilities > CVE-2007-4528 - Remote Security vulnerability in PHP 5.0.5
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.
Exploit-Db
| description | PHP FFI Extension 5.0.5 Local Safe_mode Bypass Exploit. CVE-2007-4528. Local exploit for windows platform |
| file | exploits/windows/local/4311.php |
| id | EDB-ID:4311 |
| last seen | 2016-01-31 |
| modified | 2007-08-23 |
| platform | windows |
| port | |
| published | 2007-08-23 |
| reporter | NetJackal |
| source | https://www.exploit-db.com/download/4311/ |
| title | PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit |
| type | local |
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_FFI_SECURITY_BYPASS.NASL |
| description | According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. The Foreign Function Interface (ffi) extension does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function. |
| last seen | 2020-05-03 |
| modified | 2011-11-18 |
| plugin id | 17714 |
| published | 2011-11-18 |
| reporter | This script is Copyright (C) 2011-2020 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17714 |
| title | PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass |