CVE-2007-0909
NONE EPSS 86.8%
Published Feb 13, 2007 (19y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
Threat Intelligence
EPSS Exploit Probability
86.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 77
| Vendor | Product | Version | Range |
|---|---|---|---|
| php | php | 3.0 | any |
| php | php | 3.0.1 | any |
| php | php | 3.0.2 | any |
| php | php | 3.0.3 | any |
| php | php | 3.0.4 | any |
| php | php | 3.0.5 | any |
| php | php | 3.0.6 | any |
| php | php | 3.0.7 | any |
| php | php | 3.0.8 | any |
| php | php | 3.0.9 | any |
| php | php | 3.0.10 | any |
| php | php | 3.0.11 | any |
| php | php | 3.0.12 | any |
| php | php | 3.0.13 | any |
| php | php | 3.0.14 | any |
| php | php | 3.0.15 | any |
| php | php | 3.0.16 | any |
| php | php | 3.0.17 | any |
| php | php | 3.0.18 | any |
| php | php | 4.0 | any |
| php | php | 4.0.1 | any |
| php | php | 4.0.1 | any |
| php | php | 4.0.1 | any |
| php | php | 4.0.2 | any |
| php | php | 4.0.3 | any |
| php | php | 4.0.3 | any |
| php | php | 4.0.4 | any |
| php | php | 4.0.5 | any |
| php | php | 4.0.6 | any |
| php | php | 4.0.7 | any |
| php | php | 4.0.7 | any |
| php | php | 4.0.7 | any |
| php | php | 4.0.7 | any |
| php | php | 4.1.0 | any |
| php | php | 4.1.1 | any |
| php | php | 4.1.2 | any |
| php | php | 4.2 | any |
| php | php | 4.2.0 | any |
| php | php | 4.2.1 | any |
| php | php | 4.2.2 | any |
| php | php | 4.2.3 | any |
| php | php | 4.3.0 | any |
| php | php | 4.3.1 | any |
| php | php | 4.3.2 | any |
| php | php | 4.3.3 | any |
| php | php | 4.3.4 | any |
| php | php | 4.3.5 | any |
| php | php | 4.3.6 | any |
| php | php | 4.3.7 | any |
| php | php | 4.3.8 | any |
| php | php | 4.3.9 | any |
| php | php | 4.3.10 | any |
| php | php | 4.3.11 | any |
| php | php | 4.4.0 | any |
| php | php | 4.4.1 | any |
| php | php | 4.4.2 | any |
| php | php | 4.4.3 | any |
| php | php | 4.4.4 | any |
| php | php | 5.0 | any |
| php | php | 5.0 | any |
| php | php | 5.0 | any |
| php | php | 5.0.0 | any |
| php | php | 5.0.1 | any |
| php | php | 5.0.2 | any |
| php | php | 5.0.3 | any |
| php | php | 5.0.4 | any |
| php | php | 5.0.5 | any |
| php | php | 5.1.0 | any |
| php | php | 5.1.1 | any |
| php | php | 5.1.2 | any |
| php | php | 5.1.3 | any |
| php | php | 5.1.4 | any |
| php | php | 5.1.5 | any |
| php | php | 5.1.6 | any |
| php | php | 5.2.0 | any |
| trustix | secure_linux | 2.2 | any |
| trustix | secure_linux | 3.0 | any |
References 40
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
- osvdb.org http://osvdb.org/32764
- osvdb.org http://osvdb.org/32765
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2007-0089.html
- secunia.com http://secunia.com/advisories/24089
- secunia.com http://secunia.com/advisories/24195
- secunia.com http://secunia.com/advisories/24217
- secunia.com http://secunia.com/advisories/24236
- secunia.com http://secunia.com/advisories/24248
- secunia.com http://secunia.com/advisories/24284
- secunia.com http://secunia.com/advisories/24295
- secunia.com http://secunia.com/advisories/24322
- secunia.com http://secunia.com/advisories/24419
- secunia.com http://secunia.com/advisories/24421
- secunia.com http://secunia.com/advisories/24432
- secunia.com http://secunia.com/advisories/24514
- secunia.com http://secunia.com/advisories/24606
- secunia.com http://secunia.com/advisories/24642
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200703-21.xml
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
- openpkg.com http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
- php.net http://www.php.net/ChangeLog-5.php#5.2.1
- php.net http://www.php.net/releases/5_2_1.php
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-0076.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-0081.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-0082.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2007-0088.html
- securityfocus.com http://www.securityfocus.com/archive/1/461462/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/22496
- securitytracker.com http://www.securitytracker.com/id?1017671
- trustix.org http://www.trustix.org/errata/2007/0009/
- ubuntu.com http://www.ubuntu.com/usn/usn-424-1
- ubuntu.com http://www.ubuntu.com/usn/usn-424-2
- us.debian.org http://www.us.debian.org/security/2007/dsa-1264
- vupen.com http://www.vupen.com/english/advisories/2007/0546
- issues.rpath.com https://issues.rpath.com/browse/RPL-1088
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9722
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.