CVE-2007-4059

EMC VMware <5.5.3.42958 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4059. PoCs published by callAX.

AI-analyzed exploit summary This exploit leverages an arbitrary file write vulnerability in IntraProcessLogging.dll (Vmware) via the SetLogFileName method. It allows an attacker to overwrite arbitrary files on the system by crafting a malicious HTML page.

Description

Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by callAX · htmlremotewindows

https://www.exploit-db.com/exploits/4240

View Code ZIP pw:eip

This exploit leverages an arbitrary file write vulnerability in IntraProcessLogging.dll (Vmware) via the SetLogFileName method. It allows an attacker to overwrite arbitrary files on the system by crafting a malicious HTML page.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: IntraProcessLogging.dll 5.5.3.42958 (Vmware)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6.0/7.0 on Windows XP SP1/SP2

MITRE ATT&CK