CVE-2007-5023
First published: Fri Sep 21 2007(Updated: )
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation | >=5<=5.5.5 | |
| VMware Workstation | >=6.0<=6.0.1 | |
| VMware Player | >=1.0.0<=1.0.5 | |
| VMware Player | >=2.0<=2.0.1 | |
| VMware ACE | >=1.0<=1.0.3 | |
| VMware Server | >=1.0<=1.0.4 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =7.04 | |
| Ubuntu Linux | =6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vmware.com/support/ace/doc/releasenotes_ace.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/25732
Frequently Asked Questions
What is the severity of CVE-2007-5023?
CVE-2007-5023 is classified as a high-severity vulnerability that allows local users to gain elevated privileges on affected systems.
How do I fix CVE-2007-5023?
To fix CVE-2007-5023, upgrade to the latest version of the affected VMware products, which have the vulnerability patched.
Which VMware products are affected by CVE-2007-5023?
CVE-2007-5023 affects versions of VMware Workstation prior to 5.5.5 and 6.x prior to 6.0.1, Player prior to 1.0.5 and 2.0.1, ACE prior to 1.0.3, and Server prior to 1.0.4.
How can attackers exploit CVE-2007-5023?
Attackers can exploit CVE-2007-5023 by manipulating the unquoted Windows search path to execute malicious code with elevated privileges.
Is there a workaround for CVE-2007-5023?
A potential workaround for CVE-2007-5023 involves renaming the affected executables to eliminate spaces in the file paths, but upgrading is the recommended solution.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware workstation
- version/vmware workstation/5
- version/vmware workstation/5.5.5
- version/vmware workstation/6.0
- version/vmware workstation/6.0.1
- canonical/vmware player
- version/vmware player/1.0.0
- version/vmware player/1.0.5
- version/vmware player/2.0
- version/vmware player/2.0.1
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/1.0.3
- canonical/vmware server
- version/vmware server/1.0
- version/vmware server/1.0.4
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/7.04
- version/ubuntu linux/6.10