PT-2007-5264 · Emc Vmware+1 · Emc Vmware Intraprocesslogging.Dll+1
Callax · Published 2007-07-30 · Updated 2017-09-29
CVE-2007-4059
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
EMC VMware IntraProcessLogging.dll version 5.5.3.42958
Description:
The issue is related to an absolute path traversal vulnerability in a certain ActiveX control. This allows remote attackers to create or overwrite arbitrary files by providing a full pathname in the argument to the SetLogFileName method.
Recommendations:
For EMC VMware IntraProcessLogging.dll version 5.5.3.42958, consider restricting access to the SetLogFileName method until a patch is available. As a temporary workaround, avoid using the SetLogFileName method with untrusted input to minimize the risk of exploitation.
Affected Products
Emc Vmware Intraprocesslogging.Dll
Vmware Workstation