製品・ソフトウェアに関する情報

JVN脆弱性詳細

VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性

Title	VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性
Summary	VMware Workstation、VMware Player、VMware ACE、および VMware Server の Reconfig.DLL の特定の ActiveX コントロールは、ConnectPopulatedDiskEx 関数に関する処理に不備があるため、Virtual Disk Mount Service (vmount2.exe) がサービス運用妨害 (DoS) 状態となる脆弱性が存在します。
Possible impacts	ローカルユーザにより、Virtual Disk Mount Service (vmount2.exe) をサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 12, 2007, midnight
Registration Date	Dec. 20, 2012, 6:33 p.m.
Last Update	Dec. 20, 2012, 6:33 p.m.

CVSS2.0 : 注意
Score	1.9
Vector	AV:L/AC:M/Au:N/C:N/I:N/A:P

Affected System

VMware

VMware ACE 1.0.7 build 108880 未満の 1.x、および 2.0.5 build 109488 未満の 2.x

VMware Player 1.0.8 build 108000 未満の 1.x、および 2.0.5 build 109488 未満の 2.x

VMware Server 1.0.7 build 108231 未満

VMware Workstation 5.5.8 build 108000 未満の 5.5.x、および 6.0.5 build 109488 未満の 6.0.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-5438	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5438
National Vulnerability Database (NVD)
2	CVE-2007-5438	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5438

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
VMware
1	Workstation 5.5 Release Notes	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-5438

Summary	Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
Summary	Vulnerabilidad no especificada en un cierto control ActiveX en Reconfig.DLL en VMware Workstation 5.5.x anteriores al 5.5.8 build 108000, VMware Workstation versiones 6.0.x anteriores a 6.0.5 build 109488, VMware Player versiones 1.x anteriores a 1.0.8 build 108000, VMware Player versiones 2.x anteriores a 2.0.5 build 109488, VMware ACE versiones 1.x anteriores a 1.0.7 build 108880, VMware ACE versiones 2.x anteriores a 2.0.5 build 109488 y VMware Server versiones anteriores a 1.0.7 build 108231, podría permitir a usuarios locales una denegación de servicio al Virtual Disk Mount Service (vmount2.exe), relacionado con la función ConnectPopulatedDiskEx.
Publication Date	Oct. 13, 2007, 10:17 a.m.
Registration Date	Jan. 29, 2021, 2:21 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:vmware:ace:1.0:::::::*
cpe:2.3:a:vmware:ace:1.0.1:::::::*
cpe:2.3:a:vmware:ace:1.0.2:::::::*
cpe:2.3:a:vmware:ace:1.0.3:::::::*
cpe:2.3:a:vmware:ace:1.0.4:::::::*
cpe:2.3:a:vmware:ace:1.0.5:::::::*
cpe:2.3:a:vmware:ace:1.0.6:::::::*
cpe:2.3:a:vmware:ace:1.0.7:::::::*
cpe:2.3:a:vmware:ace:2.0:::::::*
cpe:2.3:a:vmware:ace:2.0.1:::::::*
cpe:2.3:a:vmware:ace:2.0.2:::::::*
cpe:2.3:a:vmware:ace:2.0.3:::::::*
cpe:2.3:a:vmware:ace:2.0.4:::::::*
cpe:2.3:a:vmware:ace:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.7:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.8:::::::*
cpe:2.3:a:vmware:vmware_player:2.0:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_server::::::::		1.0.7
cpe:2.3:a:vmware:vmware_server:1.0:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	cve@mitre.org
2	http://osvdb.org/43488	cve@mitre.org
3	http://secunia.com/advisories/31707	cve@mitre.org
4	http://secunia.com/advisories/31708	cve@mitre.org
5	http://secunia.com/advisories/31709	cve@mitre.org
6	http://secunia.com/advisories/31710	cve@mitre.org
7	http://securityreason.com/securityalert/3219	cve@mitre.org
8	http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf	cve@mitre.org
9	http://www.securityfocus.com/archive/1/482021/100/0/threaded	cve@mitre.org
10	http://www.securityfocus.com/archive/1/495869/100/0/threaded	cve@mitre.org
11	http://www.securityfocus.com/bid/26025	cve@mitre.org
12	http://www.securitytracker.com/id?1020791	cve@mitre.org
13	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	cve@mitre.org
14	http://www.vmware.com/support/ace/doc/releasenotes_ace.html	cve@mitre.org
15	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	cve@mitre.org
16	http://www.vmware.com/support/player/doc/releasenotes_player.html	cve@mitre.org
17	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	cve@mitre.org
18	http://www.vmware.com/support/server/doc/releasenotes_server.html	cve@mitre.org
19	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	cve@mitre.org
20	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	cve@mitre.org
21	http://www.vupen.com/english/advisories/2008/2466	cve@mitre.org
22	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	af854a3a-2127-422b-91ae-364da2661108
23	http://osvdb.org/43488	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/31707	af854a3a-2127-422b-91ae-364da2661108
25	http://secunia.com/advisories/31708	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/31709	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/31710	af854a3a-2127-422b-91ae-364da2661108
28	http://securityreason.com/securityalert/3219	af854a3a-2127-422b-91ae-364da2661108
29	http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf	af854a3a-2127-422b-91ae-364da2661108
30	http://www.securityfocus.com/archive/1/482021/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
31	http://www.securityfocus.com/archive/1/495869/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
32	http://www.securityfocus.com/bid/26025	af854a3a-2127-422b-91ae-364da2661108
33	http://www.securitytracker.com/id?1020791	af854a3a-2127-422b-91ae-364da2661108
34	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	af854a3a-2127-422b-91ae-364da2661108
35	http://www.vmware.com/support/ace/doc/releasenotes_ace.html	af854a3a-2127-422b-91ae-364da2661108
36	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	af854a3a-2127-422b-91ae-364da2661108
37	http://www.vmware.com/support/player/doc/releasenotes_player.html	af854a3a-2127-422b-91ae-364da2661108
38	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	af854a3a-2127-422b-91ae-364da2661108
39	http://www.vmware.com/support/server/doc/releasenotes_server.html	af854a3a-2127-422b-91ae-364da2661108
40	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	af854a3a-2127-422b-91ae-364da2661108
41	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	af854a3a-2127-422b-91ae-364da2661108
42	http://www.vupen.com/english/advisories/2008/2466	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:vmware:ace:1.0:::::::*
cpe:2.3:a:vmware:ace:1.0.1:::::::*
cpe:2.3:a:vmware:ace:1.0.2:::::::*
cpe:2.3:a:vmware:ace:1.0.3:::::::*
cpe:2.3:a:vmware:ace:1.0.4:::::::*
cpe:2.3:a:vmware:ace:1.0.5:::::::*
cpe:2.3:a:vmware:ace:1.0.6:::::::*
cpe:2.3:a:vmware:ace:1.0.7:::::::*
cpe:2.3:a:vmware:ace:2.0:::::::*
cpe:2.3:a:vmware:ace:2.0.1:::::::*
cpe:2.3:a:vmware:ace:2.0.2:::::::*
cpe:2.3:a:vmware:ace:2.0.3:::::::*
cpe:2.3:a:vmware:ace:2.0.4:::::::*
cpe:2.3:a:vmware:ace:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.7:::::::*
cpe:2.3:a:vmware:vmware_player:1.0.8:::::::*
cpe:2.3:a:vmware:vmware_player:2.0:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.1:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.2:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.3:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.4:::::::*
cpe:2.3:a:vmware:vmware_player:2.0.5:::::::*
cpe:2.3:a:vmware:vmware_server::::::::		1.0.7
cpe:2.3:a:vmware:vmware_server:1.0:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.3:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
cpe:2.3:a:vmware:vmware_server:1.0.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::*
cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::*
cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::*