Added: 09/25/2007
CVE: CVE-2007-4058
BID: 25118
OSVDB: 42078
VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.
The StartProcess function in the **vielib.dll** library included in VMware 6.0.0 allows execution of shell commands without checking whether the caller is legitimate. This could allow command execution when a user loads an attacker’s web page in Internet Explorer.
Set the kill bit for Class ID 7B9C5422-39AA-4C21-BEEF-645E42EB4529 as described in Microsoft Knowledge Base Article 240797, or unregister vielib.dll using regsvr32.
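One way to audit and apply the kill-bit mitigation above, as an added example that is not part of the original advisory. The registry location and the 0x400 flag value are the ones documented in KB 240797; the `-Apply` switch and the script layout are this example's own.

```powershell
# Added example: report (and optionally set) the IE kill bit for the vielib.dll control.
# Writing under HKLM requires an elevated PowerShell session.
param([switch]$Apply)   # without -Apply the script only reports the current state

$Clsid   = '{7B9C5422-39AA-4C21-BEEF-645E42EB4529}'   # Class ID from this advisory
$KillBit = 0x400                                       # kill-bit flag per KB 240797
$Name    = 'Compatibility Flags'

# Native registry view plus the 32-bit view used by 32-bit Internet Explorer on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present on this host
    $key = Join-Path $root $Clsid

    # Read the existing flags, if any, so other bits are preserved when the kill bit is added.
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
        if ($prop) { $flags = $prop.$Name }
    }

    if (($flags -band $KillBit) -ne 0) {
        Write-Output "Kill bit already set: $key"
        continue
    }

    if (-not $Apply) {
        Write-Output "Kill bit NOT set: $key (re-run with -Apply to set it)"
        continue
    }

    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord `
        -Value ($flags -bor $KillBit) -Force | Out-Null
    Write-Output "Kill bit set: $key"
}
```

Internet Explorer reads the flag when it instantiates the control, so restart any open browser windows after applying the change.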
<http://www.milw0rm.com/exploits/4244>
Exploit works on VMware Workstation 6.0.0 on Windows XP.
Since this exploit uses TFTP, the SAINTexploit host must be able to bind to port 69/UDP.
This exploit requires the Perl threads module to be installed on the SAINTexploit host.
Windows