VMware Player 1.0/1.0.5 Build 56455/2.0.1 Build 55017 DHCP Server resource management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in VMware Player 1.0/1.0.5 Build 56455/2.0.1 Build 55017. It has been declared as problematic. This affects an unknown part of the component DHCP Server. The manipulation results in resource management. This vulnerability is cataloged as CVE-2007-4496. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in VMware Player 1.0/1.0.5 Build 56455/2.0.1 Build 55017 (Virtualization Software). Affected is some unknown processing of the component DHCP Server. The manipulation with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
The bug was discovered 09/18/2007. The weakness was shared 09/20/2007 by Neel Metha Ryan Smith with IBM ISS X-Force (Website). The advisory is shared for download at vmware.com. This vulnerability is traded as CVE-2007-4496 since 08/22/2007. Access to the local network is required for this attack to succeed. Required for exploitation is a authentication. There are neither technical details nor an exploit publicly available.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 28262 (GLSA-200711-23 : VMware Workstation and Player: Multiple vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116315 (Critical Security Updates for all Supported Versions of VMware ESX Server VMware Server VMware Workstation VMware ACE and VMware Player (VMSA-2007-0006)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at vmware.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 3 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (36725), Tenable (28262), SecurityFocus (BID 25728†), OSVDB (40095†) and Secunia (SA26890†). The entries VDB-3321, VDB-3326, VDB-3323 and VDB-3322 are related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.0
VulDB Base Score: 5.5
VulDB Temp Score: 5.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 28262
Nessus Name: GLSA-200711-23 : VMware Workstation and Player: Multiple vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 840135
OpenVAS Name: Ubuntu Update for libxml2 USN-2214-1
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: vmware.com
Timeline
08/22/2007 🔍09/18/2007 🔍
09/18/2007 🔍
09/19/2007 🔍
09/20/2007 🔍
09/20/2007 🔍
09/20/2007 🔍
09/21/2007 🔍
09/23/2007 🔍
10/01/2007 🔍
11/18/2007 🔍
11/20/2007 🔍
07/07/2025 🔍
Sources
Vendor: vmware.comAdvisory: vmware.com
Researcher: Neel Metha Ryan Smith
Organization: IBM ISS X-Force
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-4496 (🔍)
GCVE (CVE): GCVE-0-2007-4496
GCVE (VulDB): GCVE-100-3324
OVAL: 🔍
X-Force: 36725
SecurityFocus: 25728 - VMware Workstation Unspecified Host Memory Corruption Vulnerability
Secunia: 26890
OSVDB: 40095 - CVE-2007-4496 - VMware Workstation - Unspecified Issue
SecurityTracker: 1018718
Vulnerability Center: 16122 - VMware Multiple Products Vulnerability Allows Code Execution with Elevated Privileges, Medium
Vupen: ADV-2007-3229
scip Labs: https://www.scip.ch/en/?labs.20060413
See also: 🔍
Entry
Created: 10/01/2007 15:24Updated: 07/07/2025 17:54
Changes: 10/01/2007 15:24 (93), 07/26/2019 20:12 (4), 07/07/2025 17:54 (18)
Complete: 🔍
Cache ID: 216:C6F:103
No comments yet. Languages: en.
Please log in to comment.