SAINT Corporation
SAINT:2ED2FA54785D11B3FF326DE472ECE340
Sep 25, 2007 - 12:00 a.m.

VMware vielib.dll StartProcess command execution

download.saintcorporation.com

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.905 High
EPSS Percentile: 98.8%

Added: 09/25/2007
CVE: CVE-2007-4058
BID: 25118
OSVDB: 42078

Background

VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.

Problem

The StartProcess function in the **vielib.dll** library included in VMware 6.0.0 allows execution of shell commands without checking whether the caller is legitimate. This could allow command execution when a user loads an attacker’s web page in Internet Explorer.

Resolution

Set the kill bit for Class ID 7B9C5422-39AA-4C21-BEEF-645E42EB4529 as described in Microsoft Knowledge Base Article 240797, or unregister vielib.dll using regsvr32.
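
The kill-bit mitigation above, as an added example (not part of the original advisory or SAINT's tooling). It assumes an elevated PowerShell 3.0 or later session and uses the registry location and "Compatibility Flags" value 0x400 documented in KB 240797. The function names are hypothetical. Existing flag bits are preserved, and the 32-bit registry view is covered on 64-bit Windows.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the
# vielib.dll ActiveX control. The CLSID is the one named in the advisory.
$Clsid   = '{7B9C5422-39AA-4C21-BEEF-645E42EB4529}'
$KillBit = 0x00000400   # "Compatibility Flags" kill bit (KB 240797)
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads this view instead
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$Root)
    $key   = "$Root\$Clsid"
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    [pscustomobject]@{
        Key    = $key
        Flags  = '0x{0:X8}' -f $flags
        Killed = (($flags -band $KillBit) -ne 0)
    }
}

function Set-KillBit {
    param([string]$Root)
    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $current = 0
    $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue
    if ($prop) { $current = [int]$prop.'Compatibility Flags' }
    # OR the kill bit in so any other compatibility flags already set survive
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value ($current -bor $KillBit) -Force | Out-Null
}

# Apply to every registry view present on this host, then report the result
$Roots | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
    Set-KillBit -Root $_
    Get-KillBitState -Root $_
}
```

Every reported row should show Killed = True. The kill bit only stops Internet Explorer from instantiating the control, so hosts that do not need the control can also unregister vielib.dll as the advisory states.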

References

<http://www.milw0rm.com/exploits/4244>

Limitations

Exploit works on VMware Workstation 6.0.0 on Windows XP.

Since this exploit uses TFTP, the SAINTexploit host must be able to bind to port 69/UDP.

This exploit requires the PERL threads module to be installed on the SAINTexploit host.

Platforms

Windows
