CVE-2007-4496 — MEDIUM (6.5)

Q: How severe is CVE-2007-4496?

CVE-2007-4496 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4496?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Canonical Ubuntu Linux.

Vulnerability Description

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.

CVSS Score

6.5

MEDIUM

AV:A/AC:H/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Vmware	Ace	>= 1.0, <= 1.0.3
Vmware	Player	>= 1.0.0, <= 1.0.5
Vmware	Server	>= 1.0, <= 1.0.4
Vmware	Workstation	>= 5, <= 5.5.5
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-399

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlThird Party Advisory
http://secunia.com/advisories/26890Third Party Advisory
http://secunia.com/advisories/27694Third Party Advisory
http://secunia.com/advisories/27706Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-23.xmlThird Party Advisory
http://www.securityfocus.com/bid/25728PatchThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018718Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/usn-543-1Third Party Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlPatchVendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlPatchVendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlPatchVendor Advisory

FAQ

What is CVE-2007-4496?

CVE-2007-4496 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 B...

How severe is CVE-2007-4496?

CVE-2007-4496 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4496?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Canonical Ubuntu Linux.