Vulnerability Name:

CVE-2007-1056 (CCN-32634)

Assigned:2007-02-19
Published:2007-02-19
Updated:2018-10-16
Summary:VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service.
Note: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.
CVSS v3 Severity:3.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:P)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Mon Feb 19 2007 - 15:28:20 CST
VMware Workstation multiple denial of service and isolation manipulation vulnerabilities

Source: MITRE
Type: CNA
CVE-2007-1056

Source: OSVDB
Type: UNKNOWN
45244

Source: SREASON
Type: UNKNOWN
2281

Source: CCN
Type: OSVDB ID: 45244
VMWare Workstation Per-user Restriction Weakness Local Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20070219 VMware Workstation multiple denial of service and isolation manipulation vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20070303 Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities

Source: CCN
Type: VMware Workstation Web site
VMware: Virtualization, Virtual Machine & Virtual Server Consolidation - VMware

Source: XF
Type: UNKNOWN
vmware-tools-privilege-escalation(32634)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    vmware workstation 5.5.3_build_34685
    vmware workstation 5.5.3_build_34685