CVE-2007-5671

N/A Unknown

Published: June 05, 2008 Modified: April 23, 2026

Description

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712

Source: cve@mitre.org

http://secunia.com/advisories/30556

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201209-25.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/3922

Source: cve@mitre.org

http://securitytracker.com/id?1020197

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/493080/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/493148/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/493172/100/0/threaded

Source: cve@mitre.org

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1744

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30556

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201209-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3922

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1020197

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/493080/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/493148/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/493172/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1744

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.1%

30th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

vmware

Related CVEs

CVE-2026-42615 7.2

CVE-2026-23773 4.3

CVE-2026-40560 N/A

CVE-2026-7363 N/A

CVE-2026-7361 N/A