Vulnerabilities > CVE-2007-1270 - Numeric Errors vulnerability in VMWare ESX and ESX Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

vmware

CWE-189

NVD

Published: 2007-04-06

Updated: 2018-10-30

Summary

Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware ESX Server 3.0	1
OS	Vmware Vmware ESX 3.0.0 Vmware ESX 3.0.1	2

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Oval

accepted

2010-08-16T04:10:48.244-04:00

class

vulnerability

contributors

name Yuzheng Zhou
organization Hewlett-Packard
name Pai Peng
organization Hewlett-Packard
name Michael Wood
organization Hewlett-Packard
name Jonathan Baker
organization The MITRE Corporation

definition_extensions

comment VMWare ESX Server 3.0.1 is installed
oval oval:org.mitre.oval:def:5367
comment VMWare ESX Server 3.0.0 is installed
oval oval:org.mitre.oval:def:5501

description

family

unix

oval:org.mitre.oval:def:5463

status

accepted

submitted

2008-04-10T15:10:44.000-05:00

title

VMware ESX server double free vulnerability may let remote users execute arbitrary code

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Oval

References