| Vulnerability Name: | CVE-2007-5618 (CCN-38848) | ||||||||
| Assigned: | 2007-09-20 | ||||||||
| Published: | 2007-09-20 | ||||||||
| Updated: | 2018-10-26 | ||||||||
| Summary: | Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player Source: MITRE Type: CNA CVE-2007-5618 Source: FULLDISC Type: Third Party Advisory 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player Source: MLIST Type: Vendor Advisory [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues Source: CCN Type: SA26890 VMWare Products Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 26890 Source: CCN Type: SA29412 VMware Server Multiple Vulnerabilities Source: CCN Type: OSVDB ID: 40091 VMware Multiple Products Windows Search Path Subversion Local Privilege Escalation Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues Source: BID Type: Third Party Advisory, VDB Entry 28276 Source: CCN Type: BID-28276 VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities Source: BID Type: Third Party Advisory, VDB Entry 28289 Source: CCN Type: BID-28289 VMware Products Multiple Vulnerabilities Source: CCN Type: VMware Web site VMware Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2008-0005.html Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/player/doc/releasenotes_player.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/player2/doc/releasenotes_player2.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/server/doc/releasenotes_server.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Source: VUPEN Type: Third Party Advisory ADV-2007-3229 Source: VUPEN Type: Third Party Advisory ADV-2008-0905 Source: XF Type: UNKNOWN vmware-authentication-privilege-escalation(38848) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||