Vulnerability Details : CVE-2007-0061
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-0061
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0061
75.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0061
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-0061
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-0061
-
Red Hat 2008-06-03Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
References for CVE-2007-0061
-
http://www.vupen.com/english/advisories/2007/3229
Webmail: access your OVH emails on ovhcloud.com | OVHcloudThird Party Advisory
-
http://www.securityfocus.com/bid/25729
Patch;Third Party Advisory;VDB Entry
-
http://www.iss.net/threats/275.html
Patch;Third Party Advisory
-
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Page not foundPatch;Vendor Advisory
-
http://security.gentoo.org/glsa/glsa-200711-23.xml
VMware Workstation and Player: Multiple vulnerabilities (GLSA 200711-23) — Gentoo securityThird Party Advisory
-
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Page not foundPatch;Vendor Advisory
-
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Page not foundPatch;Vendor Advisory
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
[Full-Disclosure] Mailing List CharterThird Party Advisory
-
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Patch;Vendor Advisory
-
http://www.vmware.com/support/player/doc/releasenotes_player.html
Page not foundPatch;Vendor Advisory
-
http://www.securitytracker.com/id?1018717
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-543-1
Third Party Advisory
-
http://www.vmware.com/support/server/doc/releasenotes_server.html
Page not foundPatch;Vendor Advisory
-
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Page not foundPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
VDB Entry
Jump to