CVE-2007-1381

Name of the Vulnerable Software and Affected Versions PHP 5 versions 1.119.2.10.2.12 through 1.119.2.10.2.13

Description The issue arises from the wddx deserialize function in wddx.c, which incorrectly uses strlcpy instead of strlcat and provides improper arguments. This allows attackers to execute arbitrary code via a WDDX packet containing a malformed overlap of a STRING element, triggering a buffer overflow.

Recommendations For PHP 5 versions 1.119.2.10.2.12 through 1.119.2.10.2.13, update to a version where the wddx deserialize function is fixed, specifically to a version after the fix on 20070304. As a temporary workaround, consider restricting the use of the wddx deserialize function to minimize the risk of exploitation.