PT-2007-6128 · Vmware+1 · Vmware Player+4
Published
2007-09-21
·
Updated
2019-08-01
·
CVE-2007-5023
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EMC VMware Workstation versions prior to 5.5.5 Build 56455
EMC VMware Workstation versions 6.x prior to 6.0.1 Build 55017
EMC VMware Player versions prior to 1.0.5 Build 56455
EMC VMware Player 2 versions prior to 2.0.1 Build 55017
EMC VMware ACE versions prior to 1.0.3 Build 54075
EMC VMware Server versions prior to 1.0.4 Build 56528
Description
The issue allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder. This is due to an unquoted Windows search path vulnerability.
Recommendations
For EMC VMware Workstation versions prior to 5.5.5 Build 56455, update to version 5.5.5 Build 56455 or later.
For EMC VMware Workstation versions 6.x prior to 6.0.1 Build 55017, update to version 6.0.1 Build 55017 or later.
For EMC VMware Player versions prior to 1.0.5 Build 56455, update to version 1.0.5 Build 56455 or later.
For EMC VMware Player 2 versions prior to 2.0.1 Build 55017, update to version 2.0.1 Build 55017 or later.
For EMC VMware ACE versions prior to 1.0.3 Build 54075, update to version 1.0.3 Build 54075 or later.
For EMC VMware Server versions prior to 1.0.4 Build 56528, update to version 1.0.4 Build 56528 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Ace
Vmware Player
Vmware Server
Vmware Workstation
Windows