CVE-2007-5653

Published: Oct 23, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

ADV-2007-3590: vdb-entry, x_refsource_VUPEN
4553: exploit, x_refsource_EXPLOIT-DB
php-com-security-bypass(37368): vdb-entry, x_refsource_XF
27280: third-party-advisory, x_refsource_SECUNIA
