Vulnerability CVE-2006-3547

Vulnerability Name:

CVE-2006-3547

Assigned:

2006-07-12

Published:

2006-07-12

Updated:

2018-10-18

Summary:

** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine.
Note: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

References:

Source: MITRE
Type: CNA
CVE-2006-3547

Source: OSVDB
Type: UNKNOWN
27524

Source: BUGTRAQ
Type: UNKNOWN
20060618 Vm ware 0day dos exploit by n00b.

Source: BUGTRAQ
Type: UNKNOWN
20060620 Re: Vm ware 0day dos exploit by n00b.

Source: BUGTRAQ
Type: UNKNOWN
20060620 Re: Vm ware 0day dos exploit by n00b.

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:player:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK