CVE-2007-1744
VMware Security Advisory 2007-0004.1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
Vulnerabilidad de salto de directorio en la característica Shared Folders para VMware Workstation anterior 5.5.4, cuando una carpeta es compartida, permite a usuarios sobre el sistema invitado escribir archivos de su elección sobre sistema host a través de la interfaz "Puerto de puerta trasera de I/O".
Remote exploitation of a design error in the "Shared Folders" feature of VMware Inc.'s VMware Workstation could allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. The "Shared Folders" feature of VMware Workstation allows folders on the physical "host" system to be shared with virtual "guest" systems. Due to a flaw in the code which validates that the filename is safe, an attacker or malicious code within the guest system can read or write files on the host system in the context of the user running Workstation. iDefense confirmed this vulnerability to exist in VMware Workstation 5.5.3 build 34685 on a Windows XPSP2 host. Other versions may also be affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-03-28 CVE Reserved
- 2007-05-02 CVE Published
- 2024-08-07 CVE Updated
- 2025-05-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=521 | Third Party Advisory | |
http://secunia.com/advisories/25079 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/467936/30/6690/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/469011/30/6510/threaded | Mailing List | |
http://www.securityfocus.com/bid/23721 | Vdb Entry | |
http://www.securitytracker.com/id?1017980 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/1592 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | 2018-10-16 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | <= 5.5.3 Search vendor "Vmware" for product "Workstation" and version " <= 5.5.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|