http://security.e-matters.de/advisories/112004.html
Release Date: 2004/07/14
Author: Stefan Esser [s.esser@ematters.de]
Application: PHP <= 4.3.7
PHP5 <= 5.0.0RC3
Severity: A vulnerability within PHP allows remote code execution on PHP servers with activated memory_limit
Risk: Critical
During a reaudit of the memory_limit problematic it was discovered that it is possible for a remote attacker to trigger the memory_limit request termination in places where an interruption is unsafe. This can be abused to execute arbitrary code on remote PHP servers.