Test ID:	1.3.6.1.4.1.25623.1.0.100601
Category:	Web application abuses
Title:	PHP Zip_Entry_Read() Integer Overflow Vulnerability
Summary:	PHP is prone to an integer-overflow vulnerability because it; fails to ensure that integer values aren't overrun. Attackers; may exploit this issue to cause a heap-based buffer overflow.
Description:	Summary: PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a heap-based buffer overflow. Vulnerability Impact: Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. Affected Software/OS: This issue affects versions prior to PHP 4.4.5. Solution: Reports indicate that PHP 4.4.5 addresses this issue. Please contact the vendor for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1777 BugTraq ID: 23169 http://www.securityfocus.com/bid/23169 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 http://www.php-security.org/MOPB/MOPB-35-2007.html http://secunia.com/advisories/25025 http://secunia.com/advisories/25062 XForce ISS Database: php-zipreadentry-bo(33652) https://exchange.xforce.ibmcloud.com/vulnerabilities/33652
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.