FKIE_CVE-2007-5671

Vulnerability from fkie_nvd - Published: 2008-06-05 20:32 - Updated: 2025-04-09 00:30
Severity ?
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
cve@mitre.orghttp://secunia.com/advisories/30556Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.orghttp://securityreason.com/securityalert/3922
cve@mitre.orghttp://securitytracker.com/id?1020197
cve@mitre.orghttp://www.securityfocus.com/archive/1/493080/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/493148/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/493172/100/0/threaded
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0009.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1744
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30556Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3922
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020197
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493148/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493172/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0009.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1744
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
Impacted products
Vendor Product Version
vmware ace 1.0.0
vmware ace 1.0.1
vmware ace 1.0.2
vmware ace 1.0.3
vmware ace 1.0.4
vmware esx_server 2.5.5
vmware player 1.0.4
vmware server 1.0.3
vmware vmware_player 1.0.0
vmware vmware_player 1.0.1
vmware vmware_player 1.0.2
vmware vmware_player 1.0.3
vmware vmware_player 1.0.5
vmware vmware_server 1.0.0
vmware vmware_server 1.0.1
vmware vmware_server 1.0.2
vmware vmware_server 1.0.4
vmware vmware_workstation 5.5.0
vmware vmware_workstation 5.5.2
vmware vmware_workstation 5.5.5
vmware workstation 5.5.1
vmware workstation 5.5.3
vmware workstation 5.5.4
vmware esx 2.5.4
vmware esx 3.0.0
vmware esx 3.0.1
vmware esx 3.0.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
    },
    {
      "lang": "es",
      "value": "HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia  \\\\.\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\u00f3n en el n\u00facleo de la memoria del sistema huesped y as\u00ed obtener privilegios."
    }
  ],
  "id": "CVE-2007-5671",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-05T20:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.