CVE-2007-5438 (CNNVD-200710-231)

LOW
中文标题:
VMware虚拟磁盘加载服务Reconfig.DLL本地拒绝服务漏洞
英文标题:
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x b...
CVSS分数: 1.9
发布时间: 2007-10-13 01:00:00
漏洞类型: 授权问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare所提供的Reconfig.DLL库(ConnectPopulatedDiskEx函数)中存在安全漏洞,本地攻击者可能利用此漏洞导致拒绝服务。 如果用户受骗加载了恶意的磁盘镜像的话,就会导致VMWare的虚拟磁盘加载服务(vmount2.exe)拒绝服务。

英文描述:

Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.

CWE类型:
CWE-20
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
vmware ace 1.0 - - cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
vmware ace 1.0.1 - - cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*
vmware ace 1.0.2 - - cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*
vmware ace 1.0.3 - - cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*
vmware ace 1.0.4 - - cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*
vmware ace 1.0.5 - - cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*
vmware ace 1.0.6 - - cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*
vmware ace 1.0.7 - - cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*
vmware ace 2.0 - - cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
vmware ace 2.0.1 - - cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*
vmware ace 2.0.2 - - cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*
vmware ace 2.0.3 - - cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*
vmware ace 2.0.4 - - cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*
vmware ace 2.0.5 - - cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*
vmware vmware_player 1.0.0 - - cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*
vmware vmware_player 1.0.1 - - cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*
vmware vmware_player 1.0.2 - - cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*
vmware vmware_player 1.0.3 - - cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*
vmware vmware_player 1.0.4 - - cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*
vmware vmware_player 1.0.5 - - cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*
vmware vmware_player 1.0.6 - - cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*
vmware vmware_player 1.0.7 - - cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*
vmware vmware_player 1.0.8 - - cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*
vmware vmware_player 2.0 - - cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*
vmware vmware_player 2.0.1 - - cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*
vmware vmware_player 2.0.2 - - cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*
vmware vmware_player 2.0.3 - - cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*
vmware vmware_player 2.0.4 - - cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*
vmware vmware_player 2.0.5 - - cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*
vmware vmware_server * - - cpe:2.3:a:vmware:vmware_server:*:*:*:*:*:*:*:*
vmware vmware_server 1.0 - - cpe:2.3:a:vmware:vmware_server:1.0:*:*:*:*:*:*:*
vmware vmware_server 1.0.1 - - cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*
vmware vmware_server 1.0.2 - - cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
vmware vmware_server 1.0.3 - - cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:*
vmware vmware_server 1.0.4 - - cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
vmware vmware_server 1.0.5 - - cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*
vmware vmware_server 1.0.6 - - cpe:2.3:a:vmware:vmware_server:1.0.6:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.0 - - cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.1 - - cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.2 - - cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.3 - - cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.4 - - cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.5 - - cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.6 - - cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.7 - - cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*
vmware vmware_workstation 5.5.8 - - cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*
vmware vmware_workstation 6.0 - - cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*
vmware vmware_workstation 6.0.1 - - cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
vmware vmware_workstation 6.0.2 - - cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
vmware vmware_workstation 6.0.3 - - cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*
vmware vmware_workstation 6.0.4 - - cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*
vmware vmware_workstation 6.0.5 - - cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
43488 vdb-entry
cve.org
访问
3219 third-party-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
31709 third-party-advisory
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
1020791 vdb-entry
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
31710 third-party-advisory
cve.org
访问
20071010 [ELEYTT] 10PAZDZIERNIK2007 mailing-list
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
26025 vdb-entry
cve.org
访问
20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. mailing-list
cve.org
访问
20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. mailing-list
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
31707 third-party-advisory
cve.org
访问
31708 third-party-advisory
cve.org
访问
ADV-2008-2466 vdb-entry
cve.org
访问
CVSS评分详情
1.9
LOW
CVSS向量: AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSS版本: 2.0
机密性
NONE
完整性
NONE
可用性
PARTIAL
时间信息
发布时间:
2007-10-13 01:00:00
修改时间:
2024-08-07 15:31:58
创建时间:
2025-11-11 15:32:47
更新时间:
2025-11-11 15:49:21
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2007-5438 2025-11-11 15:17:56 2025-11-11 07:32:47
NVD nvd_CVE-2007-5438 2025-11-11 14:52:12 2025-11-11 07:41:33
CNNVD cnnvd_CNNVD-200710-231 2025-11-11 15:08:58 2025-11-11 07:49:21
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:49:21
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200710-231; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 授权问题
  • cnnvd_id: 未提取 -> CNNVD-200710-231
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:33
severity: SeverityLevel.MEDIUM → SeverityLevel.LOW; cvss_score: 未提取 → 1.9; cvss_vector: NOT_EXTRACTED → AV:L/AC:M/Au:N/C:N/I:N/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 52; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.LOW
  • cvss_score: 未提取 -> 1.9
  • cvss_vector: NOT_EXTRACTED -> AV:L/AC:M/Au:N/C:N/I:N/A:P
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 52
  • data_sources: ['cve'] -> ['cve', 'nvd']