• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP4 Ovrimos Extension Code Execution Vulnerability

PHP4 is prone to a code-execution vulnerability due to a design error in a vulnerable extension.

For this vulnerability to occur, the non-maintained 'Ovrimos SQL Server Extension' must have been compiled into the targetted PHP implementation.

Successful exploits may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits would likely crash PHP.

PHP versions prior to 4.4.5 with a compiled 'Ovrimos SQL Server Extension' are vulnerable to this issue.