ID CVE-2007-1270
Summary Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:esx_server:3.0
    cpe:2.3:a:vmware:esx_server:3.0
  • VMWare ESX 3.0.0
    cpe:2.3:o:vmware:esx:3.0.0
  • VMWare ESX 3.0.1
    cpe:2.3:o:vmware:esx:3.0.1
CVSS
Base: 5.0 (as of 06-04-2007 - 13:58)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
oval via4
accepted 2010-08-16T04:10:48.244-04:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name Pai Peng
    organization Hewlett-Packard
  • name Michael Wood
    organization Hewlett-Packard
  • name Jonathan Baker
    organization The MITRE Corporation
definition_extensions
  • comment VMWare ESX Server 3.0.1 is installed
    oval oval:org.mitre.oval:def:5367
  • comment VMWare ESX Server 3.0.0 is installed
    oval oval:org.mitre.oval:def:5501
description Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
family unix
id oval:org.mitre.oval:def:5463
status accepted
submitted 2008-04-10T15:10:44.000-05:00
title VMware ESX server double free vulnerability may let remote users execute arbitrary code
version 9
refmap via4
bid 23323
bugtraq 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
confirm
osvdb 35268
sectrack 1017875
secunia 24788
sreason 2524
vupen ADV-2007-1267
Last major update 07-03-2011 - 21:51
Published 05-04-2007 - 20:19
Last modified 30-10-2018 - 12:26
Back to Top