VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability
BID:25441
Info
VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability
| Bugtraq ID: | 25441 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4591 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 25 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
VMWare Workstation 6.0 |
| Not Vulnerable: | |
Discussion
VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability
VMware Workstation is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
This issue affects VMware Workstation 6.0 for Windows; other versions running on different platforms may also be affected.
VMware Workstation is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
This issue affects VMware Workstation 6.0 for Windows; other versions running on different platforms may also be affected.
Exploit / POC
VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability
An attacker can exploit this issue by using the Device Path Exerciser (dc2.exe), which can be downloaded from the following site:
http://www.osronline.com/ddkx/ddtools/dc2_8bxv.htm
An attacker can exploit this issue by using the Device Path Exerciser (dc2.exe), which can be downloaded from the following site:
http://www.osronline.com/ddkx/ddtools/dc2_8bxv.htm
Solution / Fix
VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability
References:
References: