CVE-2007-0061 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Vmware ACE

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

16.3%

top 5.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Server +3 more

Timeline

PublishedSep 21

Latest updateMay 1

Description

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDvmware/player1.0 — 1.0.5+1

▶NVDvmware/server1.0 — 1.0.4

▶NVDvmware/workstation5.5 — 5.5.5+1

▶NVDvmware/ace1.0 — 1.0.3+1

▶NVDvmware/esx6 versions+5

Also affects: Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-xmcp-6wwf-qfhc: The DHCP server in EMC VMware Workstation before 5↗2022-05-01

▶

CVEList

CVE-2007-0061: The DHCP server in EMC VMware Workstation before 5↗2007-09-21

▶

📋Vendor Advisories

Ubuntu

VMWare vulnerabilities↗2007-11-15

▶

Red Hat

CVE-2007-0061: The DHCP server in EMC VMware Workstation before 5↗

▶