PT-2007-5351 · EMC · VMware

Callax · Published 2007-08-03 · Updated 2017-09-29 · CVE-2007-4155

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EMC VMware version 6.0.0

Description

The issue is related to an absolute path traversal vulnerability in a certain ActiveX control in vielib.dll. This allows remote attackers to execute arbitrary local programs by providing a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method.

Recommendations

For EMC VMware version 6.0.0, consider restricting access to the CreateProcess and CreateProcessEx methods in the affected ActiveX control until a patch is available. As a temporary workaround, avoid using full pathnames in the first two arguments to these methods to minimize the risk of exploitation.


Related Identifiers

CVE-2007-4155

Affected Products

VMware