CVE-2007-5653

Name of the Vulnerable Software and Affected Versions PHP versions 5.x

Description The issue allows context-dependent attackers to bypass intended limitations in the Component Object Model (COM) functions. This can be demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll. This is related to the com load typelib function.

Recommendations For PHP version 5.x, consider disabling the com load typelib function as a temporary workaround until a patch is available. Restrict access to the COM functions to minimize the risk of exploitation. Avoid using the COM functions to execute objects or invoke external programs until the issue is resolved.