Vulnerability Description
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Ace | >= 1.0, < 1.0.3 |
| Vmware | Player | >= 1.0, < 1.0.5 |
| Vmware | Server | >= 1.0, < 1.0.4 |
| Vmware | Workstation | >= 5.5, < 5.5.5 |
| Vmware | Esx | 2.0.2 |
| Canonical | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlThird Party Advisory
- http://secunia.com/advisories/26890Third Party Advisory
- http://secunia.com/advisories/27694Third Party Advisory
- http://secunia.com/advisories/27706Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200711-23.xmlThird Party Advisory
- http://www.iss.net/threats/275.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/25729PatchThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1018717Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/usn-543-1Third Party Advisory
- http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlPatchVendor Advisory
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlPatchVendor Advisory
- http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
- http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
- http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
FAQ
What is CVE-2007-0063?
CVE-2007-0063 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE bef...
How severe is CVE-2007-0063?
CVE-2007-0063 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0063?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Vmware Esx.