VMware Workstation Path Specification Local Privilege Escalation Vulnerability
BID:25732
Info
| Bugtraq ID: | 25732 |
| Class: | Design Error |
| CVE: | CVE-2007-5023 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 19 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Foundstone is credited with the discovery of this vulnerability. |
| Vulnerable: | VMWare Workstation for Linux 0; VMWare Workstation 6.0; VMWare Workstation 5.5.4 build 44386; VMWare Workstation 5.5.4; VMWare Workstation 5.5.3 build 42958; VMWare Workstation 5.5.3 build 34685; VMWare Workstation 5.5.1 Build 19175; VMWare Workstation 5.5.1; VMWare Workstation 5.0 .0 build-13124; VMWare Workstation 4.5.2; VMWare Workstation 4.0.2; VMWare Workstation 4.0.1; VMWare Workstation 4.0; VMWare Workstation 3.4; VMWare Workstation 3.2.1 patch 1; VMWare Server 1.0.3; VMWare Player 2.0; VMWare Player 1.0.4; VMWare ACE 2.0; VMWare ACE 1.0.3 |
| Not Vulnerable: | VMWare Workstation 6.0.1; VMWare Workstation 5.5.5; VMWare Server 1.0.4; VMWare Player 2.0.1; VMWare Player 1.0.5; VMWare ACE 2.0.1; VMWare ACE 1.0.4 |
Discussion
VMware Workstation is prone to a privilege-escalation vulnerability.
The application tries to execute registered Windows services without using properly quoted paths. Successful exploits may allow local attackers to gain elevated privileges.
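The condition described above can be audited on a host by checking each registered service's `ImagePath` value. The following Python code is an added example, not part of the original advisory or any vendor tooling; the function names and the sample entries are constructed for illustration.

```python
import re

# Extensions that can end the executable part of a service ImagePath.
_EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|sys|dll))(?=\s|$)", re.IGNORECASE)

def is_unquoted_with_spaces(image_path):
    """True if ImagePath is unquoted and its executable path contains a space."""
    path = image_path.strip()
    if not path or path.startswith('"'):
        return False  # empty, or already quoted
    m = _EXE_END.match(path)
    # No recognisable extension: judge the whole string so it gets reviewed.
    exe = m.group(1) if m else path
    return " " in exe

def audit(services):
    """Return names of services whose ImagePath needs quoting, sorted."""
    return sorted(n for n, p in services.items() if is_unquoted_with_spaces(p))

def read_local_services():
    """Read {service name: ImagePath} from the local registry (Windows only)."""
    import winreg
    root = r"SYSTEM\CurrentControlSet\Services"
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root) as services:
        for i in range(winreg.QueryInfoKey(services)[0]):
            name = winreg.EnumKey(services, i)
            try:
                with winreg.OpenKey(services, name) as svc:
                    value, _ = winreg.QueryValueEx(svc, "ImagePath")
            except OSError:
                continue  # no ImagePath value, or not readable
            found[name] = winreg.ExpandEnvironmentStrings(str(value))
    return found

# Constructed sample data, not taken from a real VMware installation.
SAMPLE = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\agent.exe -service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\agent.exe" -service',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleArgsOnly": r'C:\Tools\helper.exe --config "C:\Program Files\x.cfg"',
}

if __name__ == "__main__":
    import sys
    data = read_local_services() if sys.platform == "win32" else SAMPLE
    for name in audit(data):
        print(f"{name}: {data[name]}")
```

Any service it reports should have its `ImagePath` wrapped in double quotes, which is also what to verify after applying the vendor update.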
Exploit / POC
An attacker can use readily available system tools to exploit this issue.
Solution / Fix
Solution:
The vendor has released an advisory to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
References
References:
- Notes on VMware Workstation 6.0.1, Build 55017 (VMware)
- VMware Homepage (VMware)