CVE-2007-4058

EMC VMware 6.0.0 - Remote Code Execution via vielib.dll StartProcess Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4058. PoCs published by callAX.

AI-analyzed exploit summary This exploit leverages an unsafe method call in vielib.dll (CLSID: 7B9C5422-39AA-4C21-BEEF-645E42EB4529) to execute arbitrary commands via the StartProcess method. It uses standard Office files as stdin/stdout/stderr placeholders to bypass checks and executes 'netsh' to open a firewall port.

Description

Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by callAX · htmlremotewindows

https://www.exploit-db.com/exploits/4244

View Code ZIP pw:eip

This exploit leverages an unsafe method call in vielib.dll (CLSID: 7B9C5422-39AA-4C21-BEEF-645E42EB4529) to execute arbitrary commands via the StartProcess method. It uses standard Office files as stdin/stdout/stderr placeholders to bypass checks and executes 'netsh' to open a firewall port.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VMware Workstation 6.0.0 (vielib.dll 2.2.5.42958)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6.0/7.0 · VMware Workstation 6.0.0 installed · Microsoft Office 2003 installed (for placeholder files)

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →