CVE-2007-5023 — MEDIUM (6.9)

Q: How severe is CVE-2007-5023?

CVE-2007-5023 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-5023?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Canonical Ubuntu Linux.

Vulnerability Description

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Vmware	Ace	>= 1.0, <= 1.0.3
Vmware	Player	>= 1.0.0, <= 1.0.5
Vmware	Server	>= 1.0, <= 1.0.4
Vmware	Workstation	>= 5, <= 5.5.5
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-264

References

http://www.securityfocus.com/bid/25732PatchThird Party AdvisoryVDB Entry
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlPatchVendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/25732PatchThird Party AdvisoryVDB Entry
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlPatchVendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlPatchVendor Advisory

FAQ

What is CVE-2007-5023?

CVE-2007-5023 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, A...

How severe is CVE-2007-5023?

CVE-2007-5023 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5023?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Canonical Ubuntu Linux.