PT-2008-1515 · VMware · VMware Server +6

Stephen Fewer · Published 2008-06-05 · Updated 2018-10-30 · CVE-2007-5671

CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VMware Workstation versions 5.x through 5.5.6 build 80404
VMware Player versions prior to 1.0.6 build 80404
VMware ACE versions prior to 1.0.5 build 79846
VMware Server versions prior to 1.0.5 build 80187
VMware ESX versions 2.5.4 through 3.0.2

Description

The issue arises from improper validation of arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device by HGFS.sys in the VMware Tools package. This allows guest OS users to modify arbitrary memory locations in guest kernel memory, potentially leading to privilege escalation.

Recommendations

For VMware Workstation versions 5.x through 5.5.6 build 80404, update to version 5.5.6 build 80404 or later.
For VMware Player versions prior to 1.0.6 build 80404, update to version 1.0.6 build 80404 or later.
For VMware ACE versions prior to 1.0.5 build 79846, update to version 1.0.5 build 79846 or later.
For VMware Server versions prior to 1.0.5 build 80187, update to version 1.0.5 build 80187 or later.
For VMware ESX versions 2.5.4 through 3.0.2, update to a version later than 3.0.2.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-5671

Affected Products

HGFS.sys
VMware ACE
VMware ESXi
VMware Player
VMware Server
VMware Tools
VMware Workstation