CVE-2007-5023

CWE-2643 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 78.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Server +2 more

Timeline

PublishedSep 21

Latest updateMay 1

Description

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

▶NVDvmware/player1.0.0 — 1.0.5+1

▶NVDvmware/server1.0 — 1.0.4

▶NVDvmware/workstation5 — 5.5.5+1

▶NVDvmware/ace1.0 — 1.0.3

Also affects: Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: www.securityfocus.com ↗Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-2h6v-37p4-8p5c: Unquoted Windows search path vulnerability in EMC VMware Workstation before 5↗2022-05-01

▶

CVEList

CVE-2007-5023: Unquoted Windows search path vulnerability in EMC VMware Workstation before 5↗2007-09-21

▶