ID CVE-2007-1744
Summary Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. Successful exploitation requires that a folder is shared. Although the "Shared Folders" feature is enabled by default, no folders are shared by default.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:-:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0.1_build_5289:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0.1_build_5289:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
CVSS
Base: 6.3 (as of 16-10-2018 - 16:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:N
refmap via4
bid 23721
bugtraq
  • 20070507 VMSA-2007-0004 Multiple Denial-of-Service issues fixed
  • 20070518 VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability
confirm http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
idefense 20070427 VMware Workstation Shared Folders Directory Traversal Vulnerability
sectrack 1017980
secunia 25079
vupen ADV-2007-1592
Last major update 16-10-2018 - 16:40
Published 02-05-2007 - 19:19
Last modified 16-10-2018 - 16:40
Back to Top