Vulnerability Description
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Server | 1.0.1_build_29996 |
| Vmware | Workstation | 5.5.3_build_34685 |
References
- http://osvdb.org/40088
- http://taviso.decsystem.org/virtsec.pdf
- http://www.vupen.com/english/advisories/2007/1592
- http://osvdb.org/40088
- http://taviso.decsystem.org/virtsec.pdf
- http://www.vupen.com/english/advisories/2007/1592
FAQ
What is CVE-2007-2491?
CVE-2007-2491 is a vulnerability with a CVSS score of 7.2 (HIGH). The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004...
How severe is CVE-2007-2491?
CVE-2007-2491 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2491?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Server, Vmware Workstation.