9.3

CVE-2007-4155

Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EmcVmware Version6.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.62% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://www.vupen.com/english/advisories/2007/3229
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://secunia.com/advisories/26890
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://www.securityfocus.com/bid/25131
http://www.securitytracker.com/id?1018511
https://exchange.xforce.ibmcloud.com/vulnerabilities/35670
https://www.exploit-db.com/exploits/4245