CVE-2007-0063

Severity CVSS v4.0:

Pending analysis

Type:

CWE-191 Integer Underflow (Wrap or Wraparound)

Publication date:

21/09/2007

Last modified:

09/04/2025

Description

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 10.00 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

10.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:vmware:ace::::::::	1.0 (including)	1.0.3 (excluding)
cpe:2.3:a:vmware:ace::::::::	2.0 (including)	2.0.1 (excluding)
cpe:2.3:a:vmware:player::::::::	1.0 (including)	1.0.5 (excluding)
cpe:2.3:a:vmware:player::::::::	2.0 (including)	2.0.1 (excluding)
cpe:2.3:a:vmware:server::::::::	1.0 (including)	1.0.4 (excluding)
cpe:2.3:a:vmware:workstation::::::::	5.5 (including)	5.5.5 (excluding)
cpe:2.3:a:vmware:workstation::::::::	6.0 (including)	6.0.1 (excluding)
cpe:2.3:o:vmware:esx:2.0.2:::::::*
cpe:2.3:o:vmware:esx:2.1.3:::::::*
cpe:2.3:o:vmware:esx:2.5.3:::::::*
cpe:2.3:o:vmware:esx:2.5.4:::::::*
cpe:2.3:o:vmware:esx:3.0.0:::::::*
cpe:2.3:o:vmware:esx:3.0.1:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

To consult the complete list of CPE names with products and versions, see this page

CVE-2007-0063

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools