PT-2007-2484 · VMware · VMware Workstation

Published: 2007-02-21 · Updated: 2018-10-16 · CVE-2007-1056

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: VMware Workstation version 5.5.3 build 34685
Description: The issue allows local users to perform restricted operations, including changing system time, accessing hardware components, and stopping the "VMware tools service" service. This is due to the lack of per-user restrictions on certain privileged actions. Exploitation is simplified by weak file permissions for %PROGRAMFILES%\VMware and weak registry key permissions for various services, including vmmouse, vmscsi, VMTools, vmx_svga, and vmxnet in HKLM\SYSTEM\CurrentControlSet\Services. This allows local users to execute certain files under %PROGRAMFILES%\VMware\VMware Tools, such as VMControlPanel.cpl and vmwareservice.exe, to perform privileged actions outside of the guest OS.
Recommendations: For VMware Workstation version 5.5.3 build 34685, consider restricting access to the vulnerable services, including vmmouse, vmscsi, VMTools, vmx_svga, and vmxnet, and apply proper file permissions to %PROGRAMFILES%\VMware to prevent unauthorized execution of files such as VMControlPanel.cpl and vmwareservice.exe. Additionally, ensure that only authorized users have access to the "VMware tools service" service to prevent it from being stopped or modified.
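
One way to check the permissions named in the recommendations (an added example, not code from this advisory or from VMware): the PowerShell audit below lists every Allow entry granted to broad non-administrative groups on the five service keys and on the VMware program directory. The function name Get-BroadAccess, the list of well-known SIDs and the default install location under Program Files are assumptions made for the example.

```powershell
# Added example: audit ACLs on the locations named in this advisory.
# Broad, non-administrative principals, matched by well-known SID so the
# check does not depend on localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Targets come from the advisory text; the file paths assume a default install.
$Services = 'vmmouse', 'vmscsi', 'VMTools', 'vmx_svga', 'vmxnet'
$Targets  = @($Services | ForEach-Object { "HKLM:\SYSTEM\CurrentControlSet\Services\$_" })
$Targets += Join-Path $env:ProgramFiles 'VMware'
$Targets += Join-Path $env:ProgramFiles 'VMware\VMware Tools\VMControlPanel.cpl'
$Targets += Join-Path $env:ProgramFiles 'VMware\VMware Tools\vmwareservice.exe'

function Get-BroadAccess {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return }   # component not installed here
    $acl = Get-Acl -LiteralPath $Path
    # Request explicit and inherited rules with identities expressed as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
        # Registry and file rules expose their rights under different property names.
        $rights = if ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rule.RegistryRights
        } else {
            $rule.FileSystemRights
        }
        [pscustomobject]@{
            Path      = $Path
            Principal = $BroadSids[$sid]
            Rights    = $rights
            Inherited = $rule.IsInherited
        }
    }
}

# One row per broad-group Allow entry; an empty result means none were found.
$Targets | ForEach-Object { Get-BroadAccess -Path $_ } | Format-Table -AutoSize -Wrap
```

Each row is an entry to review against the recommendation above; the Inherited column shows whether the grant is set on the object itself or comes from a parent.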

Related Identifiers

CVE-2007-1056

Affected Products

VMware Workstation