CVE-2007-1069
https://notcve.org/view.php?id=CVE-2007-1069
The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF). La gestión de memoria en VMware Workstation anterior a 5.5.4 permite a atacantes remotos provocar denegación de servicio (caida de la maquina virtual de windows)a través del disparo de ciertas averías generales de protección (GPF). • http://osvdb.org/35507 http://secunia.com/advisories/25079 http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=49 http://www.securityfocus.com/archive/1/467836/100/0/threaded http://www.securityfocus.com/archive/1/467936/30/6690/threaded http://www.securityfocus.com/archive/1/469011/30/6510/threaded http://www.securityfocus.com/bid/23732 http://www.securitytracker.com/id?1018011 http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html# •
CVE-2007-1056
https://notcve.org/view.php?id=CVE-2007-1056
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe. VMware Workstation versión 5.5.3 build 34685, no proporciona restricciones por usuario en ciertas acciones privilegiadas, lo que permite a los usuarios locales realizar operaciones restringidas, tales como cambiar la hora del sistema, acceder a los componentes de hardware y detener el servicio "VMware tools service". NOTA: la explotación es simplificada por medio de (1) permisos de archivos débiles (Users = Read & Execute) para %PROGRAMFILES%\VMware; y permisos de clave de registro débiles (access by Users) para (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga y (6) vmxnet en HKLM\SYSTEM\CurrentControlSet\Services\; lo que permite a los usuarios locales realizar varias acciones privilegiadas fuera del sistema operativo invitado por medio de la ejecución de ciertos archivos bajo herramientas %PROGRAMFILES%\VMware\VMware, como es demostrado por (a) VMControlPanel.cpl y (b) vmwareservice.exe. • http://osvdb.org/45244 http://securityreason.com/securityalert/2281 http://www.securityfocus.com/archive/1/460664/100/0/threaded http://www.securityfocus.com/archive/1/461807/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-0833
https://notcve.org/view.php?id=CVE-2007-0833
VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. VMware Workstation 5.5.3 34685, cuando la opción "habilitar cortar y pegar desde y hacia esta máquina virtual" ("Enable copy and paste to and from this virtual machine") está habilitada, conserva los datos en el porta papeles del sistema operativo del invitado, después de que estos han sido borrados del sistema operativo del host, lo que puede permitir a usuarios locales leer el contenido del porta papeles devolviendo el foco de nuevo al sistema operativo del host. • http://osvdb.org/33221 http://www.securityfocus.com/archive/1/459140/100/0/threaded http://www.securityfocus.com/bid/22413 •
CVE-2007-0832
https://notcve.org/view.php?id=CVE-2007-0832
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. VMware Workstation 5.5.3 34685 no cambia inmediatamente la disponibilidad de un porta papeles compartido cuando se cambia el check en el "habilitar cortar y pegar desde y hacia esta máquina virtual" ("Enable copy and paste to and from this virtual machine"), lo que permite a usuarios locales la obtención de información sensible o llevar a cabo ciertos ataques que facilitan un aislamiento débil entre el host y los sistemas operativos de los invitados. • http://osvdb.org/33222 http://www.securityfocus.com/archive/1/459140/100/0/threaded http://www.securityfocus.com/bid/22413 •
CVE-2006-6410 – VMware 5.5.1 - 'ActiveX' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6410
Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. Desbordamiento de búfer en un control ActiveX en VMWare 5.5.1 permite a atacantes locales ejecutar código de su elección mediante un parámetro largo VmdbDb en la función Initialize. • https://www.exploit-db.com/exploits/2264 http://securityreason.com/securityalert/2008 http://www.open-security.org/advisories/17 http://www.securityfocus.com/archive/1/452746/100/100/threaded http://www.securityfocus.com/archive/1/452775/100/100/threaded http://www.securityfocus.com/bid/19732 •