PT-2007-5041 · Php · Php

Published 2007-07-16 · Updated 2017-09-29 · CVE-2007-3806

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHP version 5.2.3
Description: The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. This is probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
Recommendations: For PHP version 5.2.3, consider restricting calls to the glob function that pass invalid flags parameter values until a patch is available. As a temporary workaround, avoid passing unvalidated input as the flags parameter to minimize the risk of exploitation.
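
One way to apply the workaround above, as an added example that is not part of the original advisory or of PHP itself: a wrapper that rejects any flags value outside the documented GLOB_* constants before it reaches glob(). The names safe_glob() and glob_allowed_mask() are hypothetical, and treating "invalid" as "contains bits outside the documented constants" is an assumption.

```php
<?php
// Added example; safe_glob() and glob_allowed_mask() are hypothetical helpers.
// Assumption: an "invalid" flags value is one with bits outside the
// documented GLOB_* constants. Written without post-5.2 syntax.

function glob_allowed_mask()
{
    $names = array('GLOB_MARK', 'GLOB_NOSORT', 'GLOB_NOCHECK', 'GLOB_NOESCAPE',
                   'GLOB_BRACE', 'GLOB_ONLYDIR', 'GLOB_ERR');
    $mask = 0;
    foreach ($names as $name) {
        // Some constants (e.g. GLOB_BRACE) are not defined on every platform.
        if (defined($name)) {
            $mask |= constant($name);
        }
    }
    return $mask;
}

function safe_glob($pattern, $flags = 0)
{
    // Accept only an integer or a decimal integer string; arrays, floats
    // and free-form strings are rejected here.
    $value = filter_var($flags, FILTER_VALIDATE_INT);
    if ($value === false || $value < 0) {
        throw new InvalidArgumentException('glob flags must be a non-negative integer');
    }
    // Reject any bit that is not a documented GLOB_* flag on this platform.
    if (($value & ~glob_allowed_mask()) !== 0) {
        throw new InvalidArgumentException('glob flags contain unsupported bits');
    }
    return glob($pattern, $value);
}

// Constructed sample inputs standing in for untrusted request data.
$unsupported = 0x7fffffff & ~glob_allowed_mask(); // only bits outside the allowlist
$samples = array(0, (string) GLOB_ONLYDIR, GLOB_MARK | GLOB_NOSORT, -1, 'abc', $unsupported);
foreach ($samples as $flags) {
    try {
        $result = safe_glob(dirname(__FILE__) . '/*', $flags);
        $count = is_array($result) ? count($result) : 0;
        echo var_export($flags, true), ' accepted, ', $count, " matches\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($flags, true), ' rejected: ', $e->getMessage(), "\n";
    }
}
```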

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-3806
DSA-1572-1
DSA-1578-1
DTSA-61-1

Affected Products

Php