製品・ソフトウェアに関する情報

JVN脆弱性詳細

VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性

タイトル	VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性
概要	VMware Workstation、VMware Player、VMware ACE、および VMware Server の Reconfig.DLL の特定の ActiveX コントロールは、ConnectPopulatedDiskEx 関数に関する処理に不備があるため、Virtual Disk Mount Service (vmount2.exe) がサービス運用妨害 (DoS) 状態となる脆弱性が存在します。
想定される影響	ローカルユーザにより、Virtual Disk Mount Service (vmount2.exe) をサービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2007年10月12日0:00
登録日	2012年12月20日18:33
最終更新日	2012年12月20日18:33

CVSS2.0 : 注意
スコア	1.9
ベクター	AV:L/AC:M/Au:N/C:N/I:N/A:P

影響を受けるシステム

VMware

VMware ACE 1.0.7 build 108880 未満の 1.x、および 2.0.5 build 109488 未満の 2.x

VMware Player 1.0.8 build 108000 未満の 1.x、および 2.0.5 build 109488 未満の 2.x

VMware Server 1.0.7 build 108231 未満

VMware Workstation 5.5.8 build 108000 未満の 5.5.x、および 6.0.5 build 109488 未満の 6.0.x

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-5438	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5438
National Vulnerability Database (NVD)
2	CVE-2007-5438	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5438

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	名前	URL
VMware
1	Workstation 5.5 Release Notes	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

変更履歴

No	変更内容	変更日
0	[2012年12月20日] 掲載	2018年2月17日10:37

NVD脆弱性情報

CVE-2007-5438

概要	Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
概要	Vulnerabilidad no especificada en un cierto control ActiveX en Reconfig.DLL en VMware Workstation 5.5.x anteriores al 5.5.8 build 108000, VMware Workstation versiones 6.0.x anteriores a 6.0.5 build 109488, VMware Player versiones 1.x anteriores a 1.0.8 build 108000, VMware Player versiones 2.x anteriores a 2.0.5 build 109488, VMware ACE versiones 1.x anteriores a 1.0.7 build 108880, VMware ACE versiones 2.x anteriores a 2.0.5 build 109488 y VMware Server versiones anteriores a 1.0.7 build 108231, podría permitir a usuarios locales una denegación de servicio al Virtual Disk Mount Service (vmount2.exe), relacionado con la función ConnectPopulatedDiskEx.
公表日	2007年10月13日10:17
登録日	2021年1月29日14:21
最終更新日	2026年4月23日9:35

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:vmware:ace:1.0:::::::*
cpe:2.3:a:vmware:ace:1.0.1:::::::*
cpe:2.3:a:vmware:ace:1.0.2:::::::*
cpe:2.3:a:vmware:ace:1.0.3:::::::*
cpe:2.3:a:vmware:ace:1.0.4:::::::*
cpe:2.3:a:vmware:ace:1.0.5:::::::*
cpe:2.3:a:vmware:ace:1.0.6:::::::*
cpe:2.3:a:vmware:ace:1.0.7:::::::*
cpe:2.3:a:vmware:ace:2.0:::::::*
cpe:2.3:a:vmware:ace:2.0.1:::::::*
cpe:2.3:a:vmware:ace:2.0.2:::::::*
cpe:2.3:a:vmware:ace:2.0.3:::::::*
cpe:2.3:a:vmware:ace:2.0.4:::::::*
cpe:2.3:a:vmware:ace:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.7:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.8:::::::*
cpe:2.3:a:vmware:vmware_player:2.0:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_server::::::::		1.0.7
cpe:2.3:a:vmware:vmware_server:1.0:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	cve@mitre.org
2	http://osvdb.org/43488	cve@mitre.org
3	http://secunia.com/advisories/31707	cve@mitre.org
4	http://secunia.com/advisories/31708	cve@mitre.org
5	http://secunia.com/advisories/31709	cve@mitre.org
6	http://secunia.com/advisories/31710	cve@mitre.org
7	http://securityreason.com/securityalert/3219	cve@mitre.org
8	http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf	cve@mitre.org
9	http://www.securityfocus.com/archive/1/482021/100/0/threaded	cve@mitre.org
10	http://www.securityfocus.com/archive/1/495869/100/0/threaded	cve@mitre.org
11	http://www.securityfocus.com/bid/26025	cve@mitre.org
12	http://www.securitytracker.com/id?1020791	cve@mitre.org
13	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	cve@mitre.org
14	http://www.vmware.com/support/ace/doc/releasenotes_ace.html	cve@mitre.org
15	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	cve@mitre.org
16	http://www.vmware.com/support/player/doc/releasenotes_player.html	cve@mitre.org
17	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	cve@mitre.org
18	http://www.vmware.com/support/server/doc/releasenotes_server.html	cve@mitre.org
19	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	cve@mitre.org
20	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	cve@mitre.org
21	http://www.vupen.com/english/advisories/2008/2466	cve@mitre.org
22	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	af854a3a-2127-422b-91ae-364da2661108
23	http://osvdb.org/43488	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/31707	af854a3a-2127-422b-91ae-364da2661108
25	http://secunia.com/advisories/31708	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/31709	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/31710	af854a3a-2127-422b-91ae-364da2661108
28	http://securityreason.com/securityalert/3219	af854a3a-2127-422b-91ae-364da2661108
29	http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf	af854a3a-2127-422b-91ae-364da2661108
30	http://www.securityfocus.com/archive/1/482021/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
31	http://www.securityfocus.com/archive/1/495869/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
32	http://www.securityfocus.com/bid/26025	af854a3a-2127-422b-91ae-364da2661108
33	http://www.securitytracker.com/id?1020791	af854a3a-2127-422b-91ae-364da2661108
34	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	af854a3a-2127-422b-91ae-364da2661108
35	http://www.vmware.com/support/ace/doc/releasenotes_ace.html	af854a3a-2127-422b-91ae-364da2661108
36	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	af854a3a-2127-422b-91ae-364da2661108
37	http://www.vmware.com/support/player/doc/releasenotes_player.html	af854a3a-2127-422b-91ae-364da2661108
38	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	af854a3a-2127-422b-91ae-364da2661108
39	http://www.vmware.com/support/server/doc/releasenotes_server.html	af854a3a-2127-422b-91ae-364da2661108
40	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	af854a3a-2127-422b-91ae-364da2661108
41	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	af854a3a-2127-422b-91ae-364da2661108
42	http://www.vupen.com/english/advisories/2008/2466	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

構成1	以上	以下	より上	未満
cpe:2.3:a:vmware:ace:1.0:::::::*
cpe:2.3:a:vmware:ace:1.0.1:::::::*
cpe:2.3:a:vmware:ace:1.0.2:::::::*
cpe:2.3:a:vmware:ace:1.0.3:::::::*
cpe:2.3:a:vmware:ace:1.0.4:::::::*
cpe:2.3:a:vmware:ace:1.0.5:::::::*
cpe:2.3:a:vmware:ace:1.0.6:::::::*
cpe:2.3:a:vmware:ace:1.0.7:::::::*
cpe:2.3:a:vmware:ace:2.0:::::::*
cpe:2.3:a:vmware:ace:2.0.1:::::::*
cpe:2.3:a:vmware:ace:2.0.2:::::::*
cpe:2.3:a:vmware:ace:2.0.3:::::::*
cpe:2.3:a:vmware:ace:2.0.4:::::::*
cpe:2.3:a:vmware:ace:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.7:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.8:::::::*
cpe:2.3:a:vmware:vmware_player:2.0:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_server::::::::		1.0.7
cpe:2.3:a:vmware:vmware_server:1.0:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::*