CVE-2007-5671
VMware Workstation 5.x < 5.5.6 - Privilege Escalation via HGFS.sys IOCTL Argument Validation
Title source: llmDescription
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References (12)
Core 12
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-25.xml
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1744
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30556
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493172/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1020197
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493148/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3922
Scores
EPSS
0.0012
EPSS Percentile
29.8%
Details
CWE
CWE-20
Status
published
Products (27)
vmware/ace
1.0.0
vmware/ace
1.0.1
vmware/ace
1.0.2
vmware/ace
1.0.3
vmware/ace
1.0.4
vmware/esx
2.5.4
vmware/esx
3.0.0
vmware/esx
3.0.1
vmware/esx
3.0.2
vmware/esx_server
2.5.5
... and 17 more
Published
Jun 05, 2008
Tracked Since
Feb 18, 2026