VMware Vielib.DLL ActiveX Control Remote Code Execution Vulnerability
BID:25118
Info
VMware Vielib.DLL ActiveX Control Remote Code Execution Vulnerability
| Bugtraq ID: | 25118 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 29 2007 12:00AM |
| Updated: | Jul 30 2007 10:25PM |
| Credit: | callAX, and the GOODFELLAS Security Research TEAM discovered this vulnerability. |
| Vulnerable: |
VMWare Workstation 6.0 |
| Not Vulnerable: | |
Discussion
VMware Vielib.DLL ActiveX Control Remote Code Execution Vulnerability
An ActiveX control installed with VMware is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
This issue affects VMware 6.0.0; other versions may also be affected.
An ActiveX control installed with VMware is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
This issue affects VMware 6.0.0; other versions may also be affected.
Exploit / POC
VMware Vielib.DLL ActiveX Control Remote Code Execution Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.
The following exploit is available:
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.
The following exploit is available:
Solution / Fix
VMware Vielib.DLL ActiveX Control Remote Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
VMware Vielib.DLL ActiveX Control Remote Code Execution Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- VMware Homepage (VMware)