PT-2007-3815 · Vmware · Vmware Server+1

Published

2007-05-04

Updated

2011-03-08

CVE-2007-2491

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC VMware Workstation version 5.5.3.34685 VMware Server version 1.0.1.29996

Description The issue affects the PIIX4 power management subsystem, allowing local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004. This can trigger a denial of service, such as a virtual machine crash, or have other unspecified impacts.

Recommendations For EMC VMware Workstation version 5.5.3.34685, consider restricting access to the PIIX4 power management subsystem to minimize the risk of exploitation. For VMware Server version 1.0.1.29996, avoid using the I/O port 0x1004 until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2491

Affected Products

Vmware Server

Vmware Workstation

PT-2007-3815 · Vmware · Vmware Server+1

CVE-2007-2491

Related Identifiers

Affected Products

References · 5