CVE-2007-5671
Severity Score
4.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia \\.\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elección en el núcleo de la memoria del sistema huesped y así obtener privilegios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-23 CVE Reserved
- 2008-06-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 | Third Party Advisory | |
| http://securityreason.com/securityalert/3922 | Third Party Advisory | |
| http://securitytracker.com/id?1020197 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/493080/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/493148/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/493172/100/0/threaded | Mailing List | |
| http://www.vmware.com/security/advisories/VMSA-2008-0009.html | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2008/1744 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30556 | 2018-10-30 | |
| http://security.gentoo.org/glsa/glsa-201209-25.xml | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 1.0.0 Search vendor "Vmware" for product "Ace" and version "1.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 1.0.1 Search vendor "Vmware" for product "Ace" and version "1.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 1.0.2 Search vendor "Vmware" for product "Ace" and version "1.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 1.0.3 Search vendor "Vmware" for product "Ace" and version "1.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 1.0.4 Search vendor "Vmware" for product "Ace" and version "1.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Server Search vendor "Vmware" for product "Esx Server" | 2.5.5 Search vendor "Vmware" for product "Esx Server" and version "2.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 1.0.4 Search vendor "Vmware" for product "Player" and version "1.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.3 Search vendor "Vmware" for product "Server" and version "1.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Player Search vendor "Vmware" for product "Vmware Player" | 1.0.0 Search vendor "Vmware" for product "Vmware Player" and version "1.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Player Search vendor "Vmware" for product "Vmware Player" | 1.0.1 Search vendor "Vmware" for product "Vmware Player" and version "1.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Player Search vendor "Vmware" for product "Vmware Player" | 1.0.2 Search vendor "Vmware" for product "Vmware Player" and version "1.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Player Search vendor "Vmware" for product "Vmware Player" | 1.0.3 Search vendor "Vmware" for product "Vmware Player" and version "1.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Player Search vendor "Vmware" for product "Vmware Player" | 1.0.5 Search vendor "Vmware" for product "Vmware Player" and version "1.0.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Server Search vendor "Vmware" for product "Vmware Server" | 1.0.0 Search vendor "Vmware" for product "Vmware Server" and version "1.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Server Search vendor "Vmware" for product "Vmware Server" | 1.0.1 Search vendor "Vmware" for product "Vmware Server" and version "1.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Server Search vendor "Vmware" for product "Vmware Server" | 1.0.2 Search vendor "Vmware" for product "Vmware Server" and version "1.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Server Search vendor "Vmware" for product "Vmware Server" | 1.0.4 Search vendor "Vmware" for product "Vmware Server" and version "1.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Workstation Search vendor "Vmware" for product "Vmware Workstation" | 5.5.0 Search vendor "Vmware" for product "Vmware Workstation" and version "5.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Workstation Search vendor "Vmware" for product "Vmware Workstation" | 5.5.2 Search vendor "Vmware" for product "Vmware Workstation" and version "5.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vmware Workstation Search vendor "Vmware" for product "Vmware Workstation" | 5.5.5 Search vendor "Vmware" for product "Vmware Workstation" and version "5.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 5.5.1 Search vendor "Vmware" for product "Workstation" and version "5.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 5.5.3 Search vendor "Vmware" for product "Workstation" and version "5.5.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 5.5.4 Search vendor "Vmware" for product "Workstation" and version "5.5.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 2.5.4 Search vendor "Vmware" for product "Esx" and version "2.5.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 3.0.0 Search vendor "Vmware" for product "Esx" and version "3.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 3.0.1 Search vendor "Vmware" for product "Esx" and version "3.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 3.0.2 Search vendor "Vmware" for product "Esx" and version "3.0.2" | - |
Affected
| ||||||