CVE-2007-1381 Information
Feb 14, 2021
cve
Description
The wddx_deserialize function in wddx.c revisions 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5 (as modified in CVS on 2007-02-24 and fixed on 2007-03-04) calls strlcpy where strlcat was intended, and with improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet containing a malformed overlap of a STRING element that triggers a buffer overflow.
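The description names a classic bug class rather than a single typo: a string-append path that copies a parser-delivered chunk with strlcpy, passing the size of the whole destination buffer even though the destination pointer has already been advanced past the existing data. The C program below is an added illustration of that pattern and its fix; it is not PHP's code and not the patched wddx.c (the CVS diff and MOPB write-up in the references carry the real change). The strlcpy/strlcat routines are local reimplementations with OpenBSD semantics so the example builds on glibc, and the prefix string, document buffer, chunk length and canary layout are all constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local reimplementations with OpenBSD semantics (glibc before 2.38 lacks them).
 * Both read src until its NUL, which is what makes them a poor fit for
 * parser chunks that are slices of a larger buffer. */
static size_t my_strlcpy(char *dst, const char *src, size_t size) {
    size_t srclen = strlen(src);
    if (size) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

static size_t my_strlcat(char *dst, const char *src, size_t size) {
    size_t dlen = 0;
    while (dlen < size && dst[dlen]) dlen++;
    if (dlen == size) return size + strlen(src);
    return dlen + my_strlcpy(dst + dlen, src, size - dlen);
}

/* Constructed input: data already accumulated for a STRING element, and the
 * next chunk the parser hands over. The chunk is the first CHUNK_LEN bytes of a
 * larger, NUL-terminated document buffer, so it is NOT NUL-terminated itself. */
static const char PREFIX[] = "hello";
static const char DOC[] = "world</string><next>";
static const size_t CHUNK_LEN = 5;

enum append_mode { APPEND_STRLCPY_BUG, APPEND_STRLCAT, APPEND_MEMCPY };

#define CANARY_LEN 16
#define CANARY_BYTE 0xAA

typedef struct {
    size_t clobbered;   /* canary bytes overwritten past the intended buffer */
    char result[64];    /* resulting string, read back from the allocation */
} append_outcome;

/* Grow a heap string by one chunk using the selected strategy. The buffer is
 * over-allocated by CANARY_LEN bytes filled with CANARY_BYTE so an overflow
 * stays inside our own allocation and can be counted instead of crashing. */
static append_outcome do_append(enum append_mode mode) {
    size_t len = strlen(PREFIX), n = CHUNK_LEN;
    size_t need = len + n + 1;                 /* what the append really needs */
    unsigned char *raw = malloc(need + CANARY_LEN);
    char *buf = (char *)raw;
    append_outcome o = { 0, "" };
    if (!raw) return o;

    memcpy(buf, PREFIX, len);
    buf[len] = '\0';
    memset(raw + need, CANARY_BYTE, CANARY_LEN);

    switch (mode) {
    case APPEND_STRLCPY_BUG:
        /* Bug: dst was advanced by len, but the bound is still the whole
         * buffer size, so up to need-1 bytes land in a region of n+1 bytes. */
        my_strlcpy(buf + len, DOC, need);
        break;
    case APPEND_STRLCAT:
        /* What strlcpy was standing in for: bounded correctly by total size,
         * but strlen(src) still assumes a NUL-terminated chunk. */
        my_strlcat(buf, DOC, need);
        break;
    case APPEND_MEMCPY:
        /* Right tool for a length-delimited chunk: copy exactly n bytes. */
        memcpy(buf + len, DOC, n);
        buf[len + n] = '\0';
        break;
    }

    for (size_t i = 0; i < CANARY_LEN; i++)
        if (raw[need + i] != CANARY_BYTE) o.clobbered++;

    size_t rl = 0;
    while (rl < need + CANARY_LEN && buf[rl]) rl++;   /* may run past need after overflow */
    size_t cp = rl < sizeof o.result - 1 ? rl : sizeof o.result - 1;
    memcpy(o.result, buf, cp);
    o.result[cp] = '\0';
    free(raw);
    return o;
}

int main(void) {
    static const char *names[] = { "strlcpy (bug)", "strlcat", "memcpy" };
    for (int m = APPEND_STRLCPY_BUG; m <= APPEND_MEMCPY; m++) {
        append_outcome o = do_append((enum append_mode)m);
        printf("%-14s result=\"%s\" canary bytes clobbered=%zu\n",
               names[m], o.result, o.clobbered);
    }
    return 0;
}
```

The buggy mode shows both halves of the description: the wrong function (strlcpy treats the advanced pointer as a fresh destination) and the wrong argument (a bound sized for the whole buffer, not for the space remaining). The strlcat mode stays in bounds only because its size argument is the total destination size; it still calls strlen on a chunk that is not NUL-terminated, so for length-delimited parser data the memcpy form is the one to ship.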
Reference
http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.13&r2=1.119.2.10.2.14
http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?revision=1.119.2.10.2.14&view=markup
http://www.osvdb.org/32775
http://www.php-security.org/MOPB/MOPB-09-2007.html