CVE-2007-4507
published 2007-08-23CVE-2007-4507: Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code…
PriorityP432medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
5.83%
92.2th percentile
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
CVE-2007-4507: Multiple buffer overflows in the php_ntuser component for PHP 5
vendor_redhat·CVSS 6.8
CVE-2007-4507 [MEDIUM] CVE-2007-4507: Multiple buffer overflows in the php_ntuser component for PHP 5
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.
Statement: Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1.
GHSA
GHSA-prvc-qmpg-9m85: Multiple buffer overflows in the php_ntuser component for PHP 5
ghsa_unreviewed·2022-05-01
CVE-2007-4507 [MEDIUM] GHSA-prvc-qmpg-9m85: Multiple buffer overflows in the php_ntuser component for PHP 5
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.
No detection rules found.
No writeups or analysis indexed.
2007-08-23
Published