CVE-2007-5023
VMware ACE < 1.0.3 - Unquoted Windows Search Path Privilege Escalation
Title source: llmDescription
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/server/doc/releasenotes_server.html
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/player/doc/releasenotes_player.html
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25732
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Scores
EPSS
0.0007
EPSS Percentile
22.1%
Details
CWE
CWE-264
Status
published
Products (7)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
canonical/ubuntu_linux
7.04
vmware/ace
1.0 - 1.0.3
vmware/player
1.0.0 - 1.0.5
vmware/server
1.0 - 1.0.4
vmware/workstation
5 - 5.5.5
Published
Sep 21, 2007
Tracked Since
Feb 18, 2026