CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
17.3%
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | workstation | 6.5.0 | cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:* |
vmware | workstation | 6.5.1 | cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:* |
vmware | workstation | 6.5.2 | cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:* |
vmware | workstation | 6.5.3 | cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:* |
vmware | player | 2.5 | cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:* |
vmware | player | 2.5.1 | cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:* |
vmware | player | 2.5.2 | cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:* |
vmware | player | 2.5.3 | cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
vmware | server | 2.0.0 | cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
lists.vmware.com/pipermail/security-announce/2010/000090.html
osvdb.org/63606
secunia.com/advisories/39201
secunia.com/advisories/39206
secunia.com/advisories/39215
security.gentoo.org/glsa/glsa-201209-25.xml
www.securityfocus.com/bid/39407
www.securitytracker.com/id?1023835
www.vmware.com/security/advisories/VMSA-2010-0007.html