VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jun 5, 2008· Updated Apr 23, 2026

CVE-2007-5671

CVE-2007-5671

Description

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

Affected products

27
  • VMware/Ace5 versions
    cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • VMware/Esx Server
    cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • VMware/Player6 versions
    cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*
  • VMware/Server5 versions
    cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
  • VMware/Workstation6 versions
    cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • VMware/Esx4 versions
    cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

12

News mentions

0

No linked articles in our index yet.