Vulnerability Description
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Player | >= 1.0.0, < 1.0.5 |
| Vmware | Server | < 1.0.4 |
| Vmware | Workstation | >= 5.5, < 5.5.5 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlThird Party Advisory
- http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlVendor Advisory
- http://secunia.com/advisories/26890Third Party Advisory
- http://www.securityfocus.com/archive/1/489739/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/28276Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/28289Third Party AdvisoryVDB Entry
- http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlVendor Advisory
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlVendor Advisory
- http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
- http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
- http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/3229Third Party Advisory
- http://www.vupen.com/english/advisories/2008/0905/referencesThird Party Advisory
FAQ
What is CVE-2007-5618?
CVE-2007-5618 is a vulnerability with a CVSS score of 7.2 (HIGH). Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5....
How severe is CVE-2007-5618?
CVE-2007-5618 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5618?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Player, Vmware Server, Vmware Workstation.