VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability

Bugtraq ID:	26025
Class:	Unknown
CVE:	CVE-2007-5438
Remote:	Yes
Local:	No
Published:	Oct 11 2007 12:00AM
Updated:	Sep 01 2008 07:44PM
Credit:	Michal Bucko is credited with the discovery of this vulnerability.
Vulnerable:	VMWare Workstation 6.0.5 build 109488 VMWare Workstation 6.0.5 VMWare Workstation 6.0.1 VMWare Workstation 6.0 VMWare Workstation 5.5.8 build 108000 VMWare Workstation 5.5.8 VMWare Server 1.0.7 build 108231 VMWare Server 1.0.7 VMWare Player 2.0.5 build 109488 VMWare Player 2.0.5 VMWare Player 2.0.1 VMWare Player 2.0 VMWare Player 1.0.8 build 108000 VMWare Player 1.0.8 VMWare Player VMWare ACE 2.0.5 build 109488 VMWare ACE 2.0.5 VMWare ACE 1.0.7 build 108880 VMWare ACE 1.0.7
Not Vulnerable:

VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability

VMware Virtual Disk Mount Service ('vmount2.exe') is prone to a denial-of-service vulnerability.

Attackers exploit this issue by enticing an unsuspecting victim to open a malicious VMware disk image with the affected application.

An attacker may be able to exploit this issue to cause denial-of-service conditions in the affected application.

VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability

An exploit is available from the discoverer of this vulnerability.

VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability

Solution:
The vendor has released an update to address this issue. Please see the referenced advisory for more information.

VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability

References:

• VMware Homepage (VMware)
  
• VMware Virtual Disk Mount Service Local Denial of Service (Michal Bucko)
  
• [ELEYTT] 10PAZDZIERNIK2007 ("Michal Bucko" )