CVE-2007-5438 Details

CVE-2007-5438

Published: 2007-10-13
Last Modified: 2018-10-15
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.

Analysis
Common Vulnerability Score System v2.0
Severity Low
Base Score 1.9/10
Exploit Score 3.4/10
Access Vector Local
Access Complexity Medium
Authentication None
Impact Score 2.9/10
Confidentiality Impact None
Availability Impact Partial
Integrity Impact None
Vector String AV:L/AC:M/Au:N/C:N/I:N/A:P
Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:1.0.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_server:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:* Yes - -
References

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://osvdb.org/43488
http://secunia.com/advisories/31707
http://secunia.com/advisories/31708
http://secunia.com/advisories/31709
http://secunia.com/advisories/31710
http://securityreason.com/securityalert/3219
http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf
http://www.securityfocus.com/archive/1/482021/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/26025
http://www.securitytracker.com/id?1020791
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/2466

CVE ID
CVE-2007-5438
Published
2007-10-13
Modified
2018-10-15
CVSSv2.0
Low
PCI Compliance
Pass
US-CERT Alert
No
CWE
CWE Pending

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.