| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.9 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in VMware Workstation 5.5.3. Affected by this vulnerability is an unknown functionality of the component Shared Folders. The manipulation results in backdoor. This vulnerability is cataloged as CVE-2007-1744. There is no exploit available. The affected component should be upgraded.
Details
A vulnerability was found in VMware Workstation 5.5.3 (Virtualization Software). It has been classified as critical. Affected is an unknown part of the component Shared Folders. The manipulation with an unknown input leads to a backdoor vulnerability. CWE is classifying the issue as CWE-912. The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. This is going to have an impact on confidentiality, and integrity. CVE summarizes:
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
The bug was discovered 04/27/2007. The weakness was shared 05/02/2007 by Greg MacManus (iDefense) with iDEFENSE Labs (Website). The advisory is shared for download at vmware.com. This vulnerability is traded as CVE-2007-1744 since 03/28/2007. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1588.001.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 4 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 25119 (VMware Workstation < 5.5.4 Build 44386 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116383 (VMware Multiple Denial of Service Vulnerabilities(VMSA-2007-0004)).
Upgrading to version 5.5.4 eliminates this vulnerability. A possible mitigation has been published 2 years after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (33970), Tenable (25119), SecurityFocus (BID 23721†), OSVDB (35505†) and Secunia (SA25079†). The entries VDB-36566, VDB-36565, VDB-36563 and VDB-36562 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.7VulDB Meta Temp Score: 6.9
VulDB Base Score: 7.7
VulDB Temp Score: 6.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: BackdoorCWE: CWE-912
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 25119
Nessus Name: VMware Workstation < 5.5.4 Build 44386 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Workstation 5.5.4
Timeline
03/28/2007 🔍04/27/2007 🔍
04/27/2007 🔍
04/30/2007 🔍
04/30/2007 🔍
05/01/2007 🔍
05/02/2007 🔍
05/02/2007 🔍
05/06/2007 🔍
11/06/2008 🔍
03/13/2015 🔍
08/02/2019 🔍
Sources
Vendor: vmware.comAdvisory: vmware.com
Researcher: Greg MacManus (iDefense)
Organization: iDEFENSE Labs
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-1744 (🔍)
GCVE (CVE): GCVE-0-2007-1744
GCVE (VulDB): GCVE-100-36564
X-Force: 33970
SecurityFocus: 23721 - VMware Workstation Shared Folders Directory Traversal Vulnerability
Secunia: 25079
OSVDB: 35505 - VMWare - Workstation - Shared Folders - Directory Traversal Issue
SecurityTracker: 1017980
Vulnerability Center: 15008 - VMware Workstation before 5.5.4 Allows Users to Traverse Directories, Medium
Vupen: ADV-2007-1592
scip Labs: https://www.scip.ch/en/?labs.20060413
See also: 🔍
Entry
Created: 03/13/2015 14:56Updated: 08/02/2019 12:27
Changes: 03/13/2015 14:56 (75), 08/02/2019 12:27 (12)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.