CVE-2007-0063

CWE-1917 documents7 sources

Severity

10.0CRITICAL

EPSS

7.6%

top 8.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Server +3 more

Timeline

PublishedSep 21

Latest updateMay 1

Description

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDvmware/player1.0 — 1.0.5+1

▶NVDvmware/server1.0 — 1.0.4

▶NVDvmware/workstation5.5 — 5.5.5+1

▶NVDvmware/ace1.0 — 1.0.3+1

▶NVDvmware/esx6 versions+5

Also affects: Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-wpv6-5q5m-qph7: Integer underflow in the DHCP server in EMC VMware Workstation before 5↗2022-05-01

▶

CVEList

CVE-2007-0063: Integer underflow in the DHCP server in EMC VMware Workstation before 5↗2007-09-21

▶

💥Exploits & PoCs

Exploit-DB

Comicsense 0.2 - 'index.php?epi' SQL Injection (2)↗2007-06-06

▶

📋Vendor Advisories

Ubuntu

VMWare vulnerabilities↗2007-11-15

▶

Red Hat

security flaw↗2007-10-08

▶

💬Community

Bugzilla

CVE-2007-0063 security flaw↗2018-08-16

▶