Back to search
CVE-2007-5671
Published: Jun 5, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-201209-25
vendor-advisory
x_refsource_GENTOO
ADV-2008-1744
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:5688
vdb-entry
signature
x_refsource_OVAL
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
x_refsource_CONFIRM
30556
third-party-advisory
x_refsource_SECUNIA
20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability
third-party-advisory
x_refsource_IDEFENSE
oval:org.mitre.oval:def:5358
vdb-entry
signature
x_refsource_OVAL
20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability
mailing-list
x_refsource_BUGTRAQ
1020197
vdb-entry
x_refsource_SECTRACK
20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability
mailing-list
x_refsource_BUGTRAQ
3922
third-party-advisory
x_refsource_SREASON
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now