SAINT Corporation | SAINT:092CCADCD54055AA90CBF9B7C75E184A
Sep 25, 2007 - 12:00 a.m.

VMware vielib.dll StartProcess command execution

2007-09-25 00:00:00
SAINT Corporation
www.saintcorporation.com
EPSS: 0.915 High (percentile 98.6%)

Added: 09/25/2007
CVE: CVE-2007-4058
BID: 25118
OSVDB: 42078

Background

VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.

Problem

The StartProcess function in the **vielib.dll** library included in VMware 6.0.0 allows execution of shell commands without checking whether the caller is legitimate. This could allow command execution when a user loads an attacker’s web page in Internet Explorer.

Resolution

Set the kill bit for Class ID 7B9C5422-39AA-4C21-BEEF-645E42EB4529 as described in Microsoft Knowledge Base Article 240797, or unregister vielib.dll using regsvr32.
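The kill-bit step above can be audited and applied with a short script. This is an added example, not SAINT's or VMware's code; the registry location and the 0x400 "Compatibility Flags" value are the ones defined in Knowledge Base Article 240797, and the `-Apply` switch is a hypothetical name chosen for this sketch.

```powershell
# Added example: audit and set the IE kill bit for the vielib.dll control.
# The CLSID is the one given in the Resolution; run from an elevated prompt.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$Clsid   = '{7B9C5422-39AA-4C21-BEEF-645E42EB4529}'
$KillBit = 0x400        # "Compatibility Flags" kill-bit value from KB 240797
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # view not present on this host
    $key = Join-Path $root $Clsid

    # Read the current flags; a missing key or value counts as 0.
    $flags = 0
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }

    if ($flags -band $KillBit) {
        Write-Output "OK       $key (flags 0x$('{0:X}' -f $flags))"
        continue
    }
    if (-not $Apply) {
        Write-Output "MISSING  $key (flags 0x$('{0:X}' -f $flags))"
        continue
    }

    # Set the kill bit while preserving any other flags already present.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $newFlags = $flags -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $newFlags -Type DWord
    Write-Output "SET      $key (flags 0x$('{0:X}' -f $newFlags))"
}
```

Run it without `-Apply` first to report hosts where the kill bit is missing; Internet Explorer must be restarted for a newly set kill bit to take effect.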

References

<http://www.milw0rm.com/exploits/4244>

Limitations

Exploit works on VMware Workstation 6.0.0 on Windows XP.

Since this exploit uses TFTP, the SAINTexploit host must be able to bind to port 69/UDP.

This exploit requires the Perl threads module to be installed on the SAINTexploit host.

Platforms

Windows
