CVE-2007-5023

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.

Published: Sep 21, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5023
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
vmware / workstation	5	5.5.5.x
vmware / workstation	6.0	6.0.1.x
vmware / player	1.0.0	1.0.5.x
vmware / player	2.0	2.0.1.x
vmware / ace	1.0	1.0.3.x
vmware / server	1.0	1.0.4.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	7.04	7.04.x
canonical / ubuntu_linux	6.10	6.10.x

http://www.securityfocus.com/bid/25732
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Vulnerability Database

289,599

CVE-2007-5023