CVE-2007-5671 [Medium] | Input Validation Bypass in Ace

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2023-03-07	1.28%	0.06%	-1.22%
2	2022-02-04	—	1.28%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2023-03-07

1.28%

0.06%

-1.22%

2022-02-04

—

1.28%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.4	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	3.4	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.4

2.0

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

3.4

6.4

[email protected]

OS Trackers for CVE-2007-5671

vendor	priority	summary	link
`gentoo`	high	CVE-2007-5671: 1 GLSA(s) (201209-25), 3 atom(s) (app-emulation/vmware-player, app-emulation/vmware-server, app-emulation/vmware-workstation); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2007-5671
`ubuntu`	medium	CVE-2007-5671 medium priority: Ubuntu including 1 source packages (vmware-server), 6 status rows across 6 suites (dapper, feisty, gutsy, hardy, intrepid, upstream): DNE 4, ignored 1, released 1.	https://ubuntu.com/security/CVE-2007-5671

Affected software / configurations for CVE-2007-5671

Vendor	Product	Version	Raw CPE
vmware	ace	1.0.0	cpe:2.3:a:vmware:ace:1.0.0:::::::*
vmware	ace	1.0.1	cpe:2.3:a:vmware:ace:1.0.1:::::::*
vmware	ace	1.0.2	cpe:2.3:a:vmware:ace:1.0.2:::::::*
vmware	ace	1.0.3	cpe:2.3:a:vmware:ace:1.0.3:::::::*
vmware	ace	1.0.4	cpe:2.3:a:vmware:ace:1.0.4:::::::*
vmware	esx_server	2.5.5	cpe:2.3:a:vmware:esx_server:2.5.5:::::::*
vmware	player	1.0.4	cpe:2.3:a:vmware:player:1.0.4:::::::*
vmware	server	1.0.3	cpe:2.3:a:vmware:server:1.0.3:::::::*
vmware	vmware_player	1.0.0	cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
vmware	vmware_player	1.0.1	cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
vmware	vmware_player	1.0.2	cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
vmware	vmware_player	1.0.3	cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
vmware	vmware_player	1.0.5	cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
vmware	vmware_server	1.0.0	cpe:2.3:a:vmware:vmware_server:1.0.0:::::::*
vmware	vmware_server	1.0.1	cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
vmware	vmware_server	1.0.2	cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
vmware	vmware_server	1.0.4	cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
vmware	vmware_workstation	5.5.0	cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
vmware	vmware_workstation	5.5.2	cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
vmware	vmware_workstation	5.5.5	cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
vmware	workstation	5.5.1	cpe:2.3:a:vmware:workstation:5.5.1:::::::*
vmware	workstation	5.5.3	cpe:2.3:a:vmware:workstation:5.5.3:::::::*
vmware	workstation	5.5.4	cpe:2.3:a:vmware:workstation:5.5.4:::::::*
vmware	esx	2.5.4	cpe:2.3:o:vmware:esx:2.5.4:::::::*
vmware	esx	3.0.0	cpe:2.3:o:vmware:esx:3.0.0:::::::*
vmware	esx	3.0.1	cpe:2.3:o:vmware:esx:3.0.1:::::::*
vmware	esx	3.0.2	cpe:2.3:o:vmware:esx:3.0.2:::::::*

References for CVE-2007-5671

URL	Tags
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
http://secunia.com/advisories/30556	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securityreason.com/securityalert/3922
http://securitytracker.com/id?1020197
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/archive/1/493148/100/0/threaded
http://www.securityfocus.com/archive/1/493172/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/1744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688

URL

CVE-2007-5671

Exploit prediction scoring system (EPSS) score for CVE-2007-5671

Common vulnerability scoring system (CVSS) metrics for CVE-2007-5671

Weakness enumeration for CVE-2007-5671

OS Trackers for CVE-2007-5671

Affected software / configurations for CVE-2007-5671

References for CVE-2007-5671