Vulnerability Name:

CVE-2007-4591 (CCN-36277)

Assigned:2007-08-24
Published:2007-08-24
Updated:2017-07-29
Summary:vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Fri Aug 24 2007 - 17:34:05 CDT
security vulnerability in VMware

Source: MITRE
Type: CNA
CVE-2007-4591

Source: MITRE
Type: CNA
CVE-2007-4593

Source: BUGTRAQ
Type: UNKNOWN
20070824 security vulnerability in VMware

Source: CCN
Type: SA26606
VMWare Workstation vstor-ws60.sys Denial of Service

Source: SECUNIA
Type: Vendor Advisory
26606

Source: CCN
Type: SECTRACK ID: 1018609
VMware Buffer Overflow in vmstor-60 Driver Lets Local Users Gain Elevated Privileges

Source: MISC
Type: UNKNOWN
http://tarrysingh.blogspot.com/2007/08/security-vmware-workstation-6.html

Source: CCN
Type: OSVDB ID: 40086
VMware Workstation vstor-ws60.sys FsSetVolumeInformation IOCTL Handler Local DoS

Source: CCN
Type: OSVDB ID: 40087
VMware Workstation vstor2-ws60.sys Unspecified Local DoS

Source: BID
Type: Exploit
25441

Source: CCN
Type: BID-25441
VMware Workstation VMStor-60 Driver Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018609

Source: CCN
Type: VMware Workstation Web site
VMware: Virtualization, Virtual Machine & Virtual Server Consolidation - VMware

Source: VUPEN
Type: UNKNOWN
ADV-2007-2992

Source: XF
Type: UNKNOWN
vmware-vstor-privilege-escalation(36277)

Source: XF
Type: UNKNOWN
vmware-vmstor-privilege-escalation(36277)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vmware workstation 6.0
    vmware workstation 6.0