Lucene search

PRIOn knowledge basePRION:CVE-2007-5671

HistoryJun 05, 2008 - 8:32 p.m.

Memory corruption

2008-06-0520:32:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

CPENameOperatorVersion
aceeq1.0.1
aceeq1.0.2
aceeq1.0.0
aceeq1.0.4
aceeq1.0.3
esxeq2.5.4
esxeq3.0.0
esxeq3.0.2
esxeq3.0.1
esx_servereq2.5.5

Name	Operator	Version
ace	eq	1.0.1
ace	eq	1.0.2
ace	eq	1.0.0
ace	eq	1.0.4
ace	eq	1.0.3
esx	eq	2.5.4
esx	eq	3.0.0
esx	eq	3.0.2
esx	eq	3.0.1
esx_server	eq	2.5.5

Rows per page:

1-10 of 271

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=712

secunia.com/advisories/30556

security.gentoo.org/glsa/glsa-201209-25.xml

securityreason.com/securityalert/3922

securitytracker.com/id?1020197

www.securityfocus.com/archive/1/493080/100/0/threaded

www.securityfocus.com/archive/1/493148/100/0/threaded

www.securityfocus.com/archive/1/493172/100/0/threaded

www.vmware.com/security/advisories/VMSA-2008-0009.html

www.vupen.com/english/advisories/2008/1744

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688