Vulnerabilities > CVE-2007-1744 - Directory Traversal vulnerability in VMware Workstation Shared Folders
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
NONE Summary
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. Successful exploitation requires that a folder is shared. Although the "Shared Folders" feature is enabled by default, no folders are shared by default.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | VMWARE_WORKSTATION_5_5_4_44386.NASL |
description | The version of VMware Workstation installed on the remote host is earlier than 5.5.4, Build 44386. Such versions are reportedly affected by several issues, including a directory traversal issue in the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25119 |
published | 2007-05-01 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25119 |
title | VMware Workstation < 5.5.4 Build 44386 Multiple Vulnerabilities |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/64009/CORE-2007-0930.txt |
id | PACKETSTORM:64009 |
last seen | 2016-12-05 |
published | 2008-02-25 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/64009/Core-Security-Technologies-Advisory-2007.0930.html |
title | Core Security Technologies Advisory 2007.0930 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=521
- http://secunia.com/advisories/25079
- http://www.securityfocus.com/archive/1/467936/30/6690/threaded
- http://www.securityfocus.com/archive/1/469011/30/6510/threaded
- http://www.securityfocus.com/bid/23721
- http://www.securitytracker.com/id?1017980
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
- http://www.vupen.com/english/advisories/2007/1592