CVE-2007-5671

medium VMware
CVSS v3 Base Score
4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
0.1%
Exploitation probability in 30 days
Top 70% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: June 5, 2008 (6551 days ago)
Last Modified: April 23, 2026
Vendor: VMware
Source: NVD

Description

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

CWE

CWE-20

Affected Products

vmware acevmware esx servervmware playervmware servervmware vmware playervmware vmware servervmware vmware workstationvmware workstationvmware esx

References

🔗 labs.idefense.com 🔗 secunia.com 🔗 security.gentoo.org 🔗 securityreason.com 🔗 securitytracker.com