Rapid7 Vulnerability & Exploit Database

VMware Player: VMware Tools Local Privilege Escalation on Windows-based guest OS (VMSA-2008-0009) (CVE-2007-5671)

Back to Search

VMware Player: VMware Tools Local Privilege Escalation on Windows-based guest OS (VMSA-2008-0009) (CVE-2007-5671)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/05/2008
Created
07/25/2018
Added
11/30/2013
Modified
02/13/2015

Description

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

Solution(s)

  • vmware-player-upgrade-1_0_6

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;