CVE-2007-5653 - Vulnerability Details - OpenCVE

The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:windows:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/27280
http://www.vupen.com/english/advisories/2007/3590
https://exchange.xforce.ibmcloud.com/vulnerabilities/37368
https://www.exploit-db.com/exploits/4553

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-23T21:00:00

Updated: 2024-08-07T15:39:13.609Z

Reserved: 2007-10-23T00:00:00

Link: CVE-2007-5653

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-23T21:47:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5653

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-3590", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3590"}, {"name": "4553", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4553"}, {"name": "php-com-security-bypass(37368)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37368"}, {"name": "27280", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27280"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3590", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3590"}, {"name": "4553", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4553"}, {"name": "php-com-security-bypass(37368)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37368"}, {"name": "27280", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27280"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.609Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-3590", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3590"}, {"name": "4553", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4553"}, {"name": "php-com-security-bypass(37368)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37368"}, {"name": "27280", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27280"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5653", "datePublished": "2007-10-23T21:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2024-08-07T15:39:13.609Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:windows:*:*:*:*:*", "matchCriteriaId": "0D7159E3-5ABD-431B-AD9D-42ADC07F91CF", "versionEndIncluding": "5.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function."}, {"lang": "es", "value": "Las funciones Component Object Model (COM) en PHP 5.x sobre Windows no siguen las restricciones safe_mode y disable_functions, lo cual permite a atacantes dependientes del contexto evitar las limitaciones intencionadas, como se demostr\u00f3 ejecutando objetos con el bit matar asignado en el correspondientes controlador ActiveX Compatibility Flags, ejecutando programas a trav\u00e9s de una funci\u00f3n en compatUI.dll, invocando wscript.shell a trav\u00e9s de wscript.exe, invocando Scripting.FileSystemObject a trav\u00e9s de wshom.ocx, y a\u00f1adiendo usuarios a trav\u00e9s de una funci\u00f3n en shgina.dll, relacionado con la funci\u00f3n com_load_typelib."}], "id": "CVE-2007-5653", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-23T21:47:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27280"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3590"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37368"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4553"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. These issues did not affect PHP on Linux.", "lastModified": "2007-10-24T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}