CVE-2007-5671
Summary
| CVE | CVE-2007-5671 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-06-05 20:32:00 UTC |
| Updated | 2018-10-30 16:26:00 UTC |
| Description | HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Ace | 1.0.0 | All | All | All |
| Application | Vmware | Ace | 1.0.1 | All | All | All |
| Application | Vmware | Ace | 1.0.2 | All | All | All |
| Application | Vmware | Ace | 1.0.3 | All | All | All |
| Application | Vmware | Ace | 1.0.4 | All | All | All |
| Application | Vmware | Ace | 1.0.0 | All | All | All |
| Application | Vmware | Ace | 1.0.1 | All | All | All |
| Application | Vmware | Ace | 1.0.2 | All | All | All |
| Application | Vmware | Ace | 1.0.3 | All | All | All |
| Application | Vmware | Ace | 1.0.4 | All | All | All |
| Operating System | Vmware | Esx | 2.5.4 | All | All | All |
| Operating System | Vmware | Esx | 3.0.0 | All | All | All |
| Operating System | Vmware | Esx | 3.0.1 | All | All | All |
| Operating System | Vmware | Esx | 3.0.2 | All | All | All |
| Operating System | Vmware | Esx | 2.5.4 | All | All | All |
| Operating System | Vmware | Esx | 3.0.0 | All | All | All |
| Operating System | Vmware | Esx | 3.0.1 | All | All | All |
| Operating System | Vmware | Esx | 3.0.2 | All | All | All |
| Application | Vmware | Esx Server | 2.5.5 | All | All | All |
| Application | Vmware | Esx Server | 2.5.5 | All | All | All |
| Application | Vmware | Player | 1.0.4 | All | All | All |
| Application | Vmware | Player | 1.0.4 | All | All | All |
| Application | Vmware | Server | 1.0.3 | All | All | All |
| Application | Vmware | Server | 1.0.3 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.0 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.1 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.3 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.5 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.0 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.1 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.3 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.5 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.0 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.1 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.4 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.0 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.1 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.4 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.0 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.2 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.5 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.0 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.2 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.5 | All | All | All |
| Application | Vmware | Workstation | 5.5.1 | All | All | All |
| Application | Vmware | Workstation | 5.5.3 | All | All | All |
| Application | Vmware | Workstation | 5.5.4 | All | All | All |
| Application | Vmware | Workstation | 5.5.1 | All | All | All |
| Application | Vmware | Workstation | 5.5.3 | All | All | All |
| Application | Vmware | Workstation | 5.5.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMware Products Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | securitytracker.com | |
| Gentoo Linux Documentation -- VMware Player, Server, Workstation: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| VMSA-2008-0009.2 - VMware | CONFIRM | www.vmware.com | |
| SecurityReason - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi | SREASON | securityreason.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| 20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability | IDEFENSE | labs.idefense.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.