10
CVE-2007-0062
- EPSS 7.62%
- Veröffentlicht 21.09.2007 19:17:00
- Zuletzt bearbeitet 16.06.2026 22:34:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Vmware Workstation Version6.0.1
VMware ≫ Workstation Version3.4
VMware ≫ Workstation Version4.0
VMware ≫ Workstation Version4.0.1
VMware ≫ Workstation Version4.0.2
VMware ≫ Workstation Version4.5.2
VMware ≫ Workstation Version5.5.0_build_13124
VMware ≫ Workstation Version5.5.1
VMware ≫ Workstation Version5.5.1_build_19175
VMware ≫ Workstation Version5.5.3_build_34685
VMware ≫ Workstation Version5.5.3_build_42958
VMware ≫ Workstation Version5.5.4
VMware ≫ Workstation Version5.5.4_build_44386
VMware ≫ Workstation Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.62% | 0.938 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/27706
http://security.gentoo.org/glsa/glsa-200711-23.xml
http://www.vupen.com/english/advisories/2007/3229
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://secunia.com/advisories/26890
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://secunia.com/advisories/27694
http://www.iss.net/threats/275.html
http://www.securityfocus.com/bid/25729
http://www.securitytracker.com/id?1018717
http://www.ubuntu.com/usn/usn-543-1
http://bugs.gentoo.org/show_bug.cgi?id=227135
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://secunia.com/advisories/31396
http://secunia.com/advisories/34263
http://security.gentoo.org/glsa/glsa-200808-05.xml
http://wiki.rpath.com/Advisories:rPSA-2009-0041
http://www.mandriva.com/security/advisories?name=MDVSA-2009:153
http://www.securityfocus.com/archive/1/501759/100/0/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=339561
https://exchange.xforce.ibmcloud.com/vulnerabilities/33102