CVE-2007-5618
First published: Sun Oct 21 2007(Updated: )
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Player | >=1.0.0<1.0.5 | |
| VMware Workstation | >=5.5<5.5.5 | |
| VMware Workstation | >=6.0<6.0.1 | |
| VMware Player | >=2.0<2.0.1 | |
| VMware Server | <1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://secunia.com/advisories/26890
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.securityfocus.com/bid/28276
- http://www.vupen.com/english/advisories/2007/3229
- http://www.vupen.com/english/advisories/2008/0905/references
- http://www.securityfocus.com/bid/28289
- http://www.securityfocus.com/archive/1/489739/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-5618?
CVE-2007-5618 is considered a moderate severity vulnerability that could allow local users to gain elevated privileges.
How do I fix CVE-2007-5618?
To fix CVE-2007-5618, upgrade to VMware Player version 1.0.5 or 2.0.1, VMware Server version 1.0.4, or VMware Workstation version 5.5.5 or 6.0.1.
Which VMware products are affected by CVE-2007-5618?
CVE-2007-5618 affects VMware Player, VMware Server, and VMware Workstation across various versions prior to the specified updates.
Can CVE-2007-5618 be exploited remotely?
CVE-2007-5618 cannot be exploited remotely as it requires local access to the affected systems.
What causes the CVE-2007-5618 vulnerability?
The CVE-2007-5618 vulnerability is caused by unquoted Windows search paths in the affected VMware services.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/vmware
- canonical/vmware player
- version/vmware player/1.0.0
- canonical/vmware workstation
- version/vmware workstation/5.5
- version/vmware workstation/6.0
- version/vmware player/2.0
- canonical/vmware server