Vulnerability Name: CVE-2007-5438 (CCN-37073) Assigned: 2007-10-10 Published: 2007-10-10 Updated: 2018-10-15 Summary: Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function. CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P 1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P 1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-noinfo CWE-20 Vulnerability Consequences: Denial of Service References: Source: CCNELEYTT 10PAZDZIERNIK2007 CVE-2007-5438 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. 43488 VMware Workstation Multiple Vulnerabilities 31707 VMware Server Multiple Vulnerabilities 31708 VMware Player Multiple Vulnerabilities 31709 VMware ACE Multiple Vulnerabilities 31710 3219 VMware Workstation/ACE/Player/Server ActiveX Controls Let Remote Users Execute Arbitrary Code VMware Virtual Disk Mount Service Local Denial of Service http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf EMC VMware Player Reconfig.DLL ActiveX vmount2.exe ConnectPopulatedDiskEx Function Local DoS 20071010 [ELEYTT] 10PAZDZIERNIK2007 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. 26025 VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability 1020791 VMware, Inc. VMware Security Advisory http://www.vmware.com/security/advisories/VMSA-2008-0014.html http://www.vmware.com/support/ace/doc/releasenotes_ace.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/player/doc/releasenotes_player.html http://www.vmware.com/support/player2/doc/releasenotes_player2.html http://www.vmware.com/support/server/doc/releasenotes_server.html http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ADV-2008-2466 vmware-connectpopulateddiskex-dos(37073) Vulnerable Configuration: Configuration 1 :cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.5:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.6:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:1.0.7:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:2.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:ace:2.0.5:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:2.0:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:1.0.6:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_server:*:*:*:*:*:*:*:* (Version <= 1.0.7) OR cpe:/a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:* BACK
vmware ace 1.0
vmware ace 1.0.1
vmware ace 1.0.2
vmware ace 1.0.3
vmware ace 1.0.4
vmware ace 1.0.5
vmware ace 1.0.6
vmware ace 1.0.7
vmware ace 2.0
vmware ace 2.0.1
vmware ace 2.0.2
vmware ace 2.0.3
vmware ace 2.0.4
vmware ace 2.0.5
vmware vmware player 1.0.0
vmware vmware player 1.0.1
vmware vmware player 1.0.2
vmware vmware player 1.0.3
vmware vmware player 1.0.4
vmware vmware player 1.0.5
vmware vmware player 1.0.6
vmware vmware player 1.0.7
vmware vmware player 1.0.8
vmware vmware player 2.0
vmware vmware player 2.0.1
vmware vmware player 2.0.2
vmware vmware player 2.0.3
vmware vmware player 2.0.4
vmware vmware player 2.0.5
vmware vmware server 1.0
vmware vmware server 1.0.1
vmware vmware server 1.0.2
vmware vmware server 1.0.3
vmware vmware server 1.0.4
vmware vmware server 1.0.5
vmware vmware server 1.0.6
vmware vmware server *
vmware vmware workstation 5.5.0
vmware vmware workstation 5.5.1
vmware vmware workstation 5.5.2
vmware vmware workstation 5.5.3
vmware vmware workstation 5.5.4
vmware vmware workstation 5.5.5
vmware vmware workstation 5.5.6
vmware vmware workstation 5.5.7
vmware vmware workstation 5.5.8
vmware vmware workstation 6.0
vmware vmware workstation 6.0.1
vmware vmware workstation 6.0.2
vmware vmware workstation 6.0.3
vmware vmware workstation 6.0.4
vmware vmware workstation 6.0.5
Denotes that component is vulnerable