CVE-2007-1399

Name of the Vulnerable Software and Affected Versions PECL ZIP versions 1.8.3 and earlier PHP versions 5.2.0 and 5.2.1

Description The issue is a stack-based buffer overflow in the zip:// URL wrapper. This allows remote attackers to execute arbitrary code via a long zip:// URL. Attackers can trigger URL access from a remote PHP interpreter, for example, through avatar upload or blog pingback.

Recommendations For PECL ZIP versions 1.8.3 and earlier, update to a version later than 1.8.3 to resolve the issue. For PHP versions 5.2.0 and 5.2.1, consider updating to a version later than 5.2.1 to mitigate the risk. As a temporary workaround, consider restricting access to the zip:// URL wrapper until a patch is available.