CVE-2007-4586

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.0

Description The issue is related to multiple buffer overflows in the iisfunc extension, specifically in the php iisfunc.dll file. This allows context-dependent attackers to execute arbitrary code, likely during Unicode conversion. The vulnerability can be triggered by a long string in the first argument to the iis getservicestate function, and is also related to the ServiceId argument in functions such as fnStartService, fnGetServiceState, and fnStopService.

Recommendations For PHP versions prior to 5.2.0, update to a version that is 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the iisfunc extension or limiting the input to the iis getservicestate function and related functions to prevent exploitation.