Vulnerability Description
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Ace | >= 1.0, < 1.0.3 |
| Vmware | Player | >= 1.0, < 1.0.5 |
| Vmware | Server | >= 1.0, < 1.0.4 |
| Vmware | Workstation | >= 5.5, < 5.5.5 |
| Vmware | Esx | 2.0.2 |
| Canonical | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlThird Party Advisory
- http://secunia.com/advisories/26890Third Party Advisory
- http://secunia.com/advisories/27694Third Party Advisory
- http://secunia.com/advisories/27706Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200711-23.xmlThird Party Advisory
- http://www.iss.net/threats/275.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/25729PatchThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1018717Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/usn-543-1Third Party Advisory
- http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlPatchVendor Advisory
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlPatchVendor Advisory
- http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
- http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
- http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
FAQ
What is CVE-2007-0061?
CVE-2007-0061 is a vulnerability with a CVSS score of 10.0 (HIGH). The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075...
How severe is CVE-2007-0061?
CVE-2007-0061 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0061?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Vmware Esx.