Site Network: | | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

PHP - Local hacker automatic control

Version: 5.x
Technical Details:

It has been discovered that COM objects can be instantiated and accessed from PHP on Windows, even though safe_mode and disable_function have been set. This will allow a limited local user (one who is only able to access / run PHP scripts, for example) to execute arbitrary code on a vulnerable system. Due to the way that PHP instantiates the COM objects, it allows the bypassing of any kill-bit that has been set.

Full exploit code has been released publicly.


An exploit has been released to a number of public sources that allows for the bypassing of safe_mode and disable_function in PHP 5.x when installed on Windows. While preventing users who have permissions to install and run PHP scripts from accessing the underlying system might seem like a desirable outcome (especially for multi-user systems), this particular vulnerability is a concern as it allows for the bypassing of kill-bits that have been set on the system.


Short of disabling PHP / removing it from the system, consider implementing extremely limited access controls, though this might cause problems with PHP scripts. Administrators of PHP on Windows systems should be aware of the risks to their systems from account users.


Not Yet Available



External Tracking Data:

Not Yet Identified

Social bookmark this page