{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"name": "ADV-2007-3229", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"name": "26890", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26890"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"name": "28289", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28289"}, {"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"name": "ADV-2008-0905", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"name": "28276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28276"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5618", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"name": "ADV-2007-3229", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"}, {"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"name": "26890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26890"}, {"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"name": "28289", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28289"}, {"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"name": "ADV-2008-0905", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"name": "28276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28276"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.657Z"}, "title": "CVE Program Container", "references": [{"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"name": "ADV-2007-3229", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"name": "26890", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26890"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"name": "28289", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28289"}, {"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"name": "ADV-2008-0905", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"name": "28276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28276"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5618", "datePublished": "2007-10-21T21:00:00.000Z", "dateReserved": "2007-10-21T00:00:00.000Z", "dateUpdated": "2024-08-07T15:39:13.657Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEAB76F0-194A-49C2-9B11-40626D5FE144", "versionEndExcluding": "1.0.5", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "35A00737-2932-4877-8E02-1F9534C6FBAE", "versionEndExcluding": "2.0.1", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E09F612-579E-43BA-95C6-7D910A0CFA56", "versionEndExcluding": "1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "27920879-1408-4514-BA3F-B31DD69FACA2", "versionEndExcluding": "5.5.5", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ACA1016-EAC5-4210-ABDC-C2499F2841EA", "versionEndExcluding": "6.0.1", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs."}, {"lang": "es", "value": "Una ruta de b\u00fasqueda en Windows sin cerrar las comillas en el servicio Authorization y en otros servicios en el VMware Player 1.0.x anterior al 1.0.5 y el 2.0 anterior al 2.0.1, en el VMware Server anterior al 1.0.4; y en el Workstation 5.x anterior al 5.5.5 y el 6.x anterior al 6.0.1, puede permitir a usuarios locales obtener privilegios a trav\u00e9s de programas maliciosos."}], "id": "CVE-2007-5618", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-21T21:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/26890"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28276"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28289"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/26890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0905/references"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}