Lucene search

MitreCVE-2009-2267

HistoryNov 02, 2009 - 3:30 p.m.

CVE-2009-2267

2009-11-0215:30:00

mitre

web.nvd.nist.gov

vmware

vulnerability

privilege escalation

cve-2009-2267

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

Affected configurations

Nvd

Node

vmwareaceMatch2.5.0

vmwareaceMatch2.5.1

vmwareaceMatch2.5.2

vmwareesxMatch2.5.5

vmwareesxMatch3.0.3

vmwareesxMatch3.5

vmwareesxMatch4.0

vmwareesxiMatch3.5

vmwareesxiMatch4.0

vmwarefusionMatch2.0

vmwarefusionMatch2.0.1

vmwarefusionMatch2.0.2

vmwarefusionMatch2.0.3

vmwarefusionMatch2.0.4

vmwarefusionMatch2.0.5

vmwareplayerMatch2.5

vmwareplayerMatch2.5.1

vmwareplayerMatch2.5.2

vmwareserverMatch1.0

vmwareserverMatch1.0.1

vmwareserverMatch1.0.2

vmwareserverMatch1.0.3

vmwareserverMatch1.0.4

vmwareserverMatch1.0.5

vmwareserverMatch1.0.6

vmwareserverMatch1.0.7

vmwareserverMatch1.0.8

vmwareserverMatch1.0.9

vmwareserverMatch2.0

vmwareserverMatch2.0rc2

vmwareserverMatch2.0.1

vmwareworkstationMatch6.5.0

vmwareworkstationMatch6.5.1

vmwareworkstationMatch6.5.2

VendorProductVersionCPE
vmwareace2.5.0cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
vmwareace2.5.1cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
vmwareace2.5.2cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
vmwareesx2.5.5cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*
vmwareesx3.0.3cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*
vmwareesx3.5cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
vmwareesx4.0cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
vmwareesxi3.5cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
vmwareesxi4.0cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
vmwarefusion2.0cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	ace	2.5.0	cpe:2.3:a:vmware:ace:2.5.0:::::::*
vmware	ace	2.5.1	cpe:2.3:a:vmware:ace:2.5.1:::::::*
vmware	ace	2.5.2	cpe:2.3:a:vmware:ace:2.5.2:::::::*
vmware	esx	2.5.5	cpe:2.3:a:vmware:esx:2.5.5:::::::*
vmware	esx	3.0.3	cpe:2.3:a:vmware:esx:3.0.3:::::::*
vmware	esx	3.5	cpe:2.3:a:vmware:esx:3.5:::::::*
vmware	esx	4.0	cpe:2.3:a:vmware:esx:4.0:::::::*
vmware	esxi	3.5	cpe:2.3:a:vmware:esxi:3.5:::::::*
vmware	esxi	4.0	cpe:2.3:a:vmware:esxi:4.0:::::::*
vmware	fusion	2.0	cpe:2.3:a:vmware:fusion:2.0:::::::*