PT-2007-2805 · Microsoft+1 · Ntwdblib.Dll+1

Rgod · Published 2007-03-10 · Updated 2018-10-19 · CVE-2007-1411

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 4.4.7
PHP 5 versions (affected versions not specified)

Description

The issue is caused by a buffer overflow that allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the mssql_connect and mssql_pconnect functions. This is due to a boundary error when processing arguments within the dbopen() function in NTWDBLIB.DLL. The vulnerability can be exploited by passing an overly long string (greater than 260 bytes) as an argument to the mssql_connect() or mssql_pconnect() functions, allowing attackers to bypass security restrictions like the disable_functions directive.

Recommendations

For PHP versions prior to 4.4.7, consider upgrading to a newer version to mitigate the risk. For PHP 5 versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the mssql_connect() and mssql_pconnect() functions until a patch is available.
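
An added example (not part of the advisory or of PHP itself): a small Python audit helper supporting the workaround above. It lists every mssql_connect()/mssql_pconnect() call site in PHP source and marks whether the server-name argument is a short fixed literal or a dynamic expression that needs review. The 260-byte limit is the figure from the description; the function name audit_php_source, the sample PHP lines and the host names are constructed for illustration.

```python
import re

# 260 bytes is the length cited in the advisory's description.
MAX_SERVER_NAME = 260

# First argument: either a plain quoted literal (no interpolation, escapes or
# concatenation) directly followed by ',' or ')', or any other expression.
CALL_RE = re.compile(
    r"""\b(mssql_p?connect)\s*\(\s*
        (?:(['"])([^'"\\$]*)\2\s*(?=[,)])|([^,)]*))""",
    re.IGNORECASE | re.VERBOSE,  # PHP function names are case-insensitive
)

def audit_php_source(source):
    """Return (line_no, function, verdict) per call site (single-line calls only)."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            func, literal, other = m.group(1).lower(), m.group(3), m.group(4)
            if literal is not None:
                size = len(literal.encode("utf-8"))
                ok = size <= MAX_SERVER_NAME
                verdict = "literal-ok" if ok else "literal-too-long"
            elif other.strip():
                verdict = "dynamic-review"  # length is not known statically
            else:
                verdict = "no-server-argument"
            findings.append((line_no, func, verdict))
    return findings

# Constructed sample input, not taken from any real code base.
SAMPLE_PHP = "\n".join([
    "<?php",
    "$a = mssql_connect('db01.example.internal,1433', $user, $pass);",
    "$b = mssql_pconnect($_GET['srv'], $user, $pass);",
    "$c = MSSQL_CONNECT(\"db-\" . $region, $user, $pass);",
    "$d = mssql_connect('" + "h" * 300 + "', $user, $pass);",
])

if __name__ == "__main__":
    for finding in audit_php_source(SAMPLE_PHP):
        print(finding)
```

Call sites reported as dynamic-review are the ones to restrict or to guard with a length check until the installation is upgraded.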


Related Identifiers

CVE-2007-1411

Affected Products

Ntwdblib.Dll
Php