PT-2007-1556 · Vmware · Vmware Server+3
Published
2007-09-21
·
Updated
2019-07-16
·
CVE-2007-0063
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EMC VMware Workstation versions prior to 5.5.5 Build 56455
EMC VMware Workstation versions 6.x prior to 6.0.1 Build 55017
EMC VMware Player versions prior to 1.0.5 Build 56455
EMC VMware Player 2 versions prior to 2.0.1 Build 55017
EMC VMware ACE versions prior to 1.0.3 Build 54075
EMC VMware ACE 2 versions prior to 2.0.1 Build 55017
EMC VMware Server versions prior to 1.0.4 Build 56528
Description
The issue is caused by an integer underflow in the DHCP server, allowing remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
Recommendations
For EMC VMware Workstation versions prior to 5.5.5 Build 56455, update to version 5.5.5 Build 56455 or later.
For EMC VMware Workstation versions 6.x prior to 6.0.1 Build 55017, update to version 6.0.1 Build 55017 or later.
For EMC VMware Player versions prior to 1.0.5 Build 56455, update to version 1.0.5 Build 56455 or later.
For EMC VMware Player 2 versions prior to 2.0.1 Build 55017, update to version 2.0.1 Build 55017 or later.
For EMC VMware ACE versions prior to 1.0.3 Build 54075, update to version 1.0.3 Build 54075 or later.
For EMC VMware ACE 2 versions prior to 2.0.1 Build 55017, update to version 2.0.1 Build 55017 or later.
For EMC VMware Server versions prior to 1.0.4 Build 56528, update to version 1.0.4 Build 56528 or later.
Fix
RCE
Integer Underflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Ace
Vmware Player
Vmware Server
Vmware Workstation