Lucene search

MitreCVE-2010-1139

HistoryApr 12, 2010 - 6:30 p.m.

CVE-2010-1139

2010-04-1218:30:00

CWE-134

mitre

web.nvd.nist.gov

vmware

vix api

format string

vulnerability

privilege escalation

cve-2010-1139

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

Affected configurations

Nvd

Node

vmwareworkstationMatch6.5.0

vmwareworkstationMatch6.5.1

vmwareworkstationMatch6.5.2

vmwareworkstationMatch6.5.3

Node

vmwareplayerMatch2.5

vmwareplayerMatch2.5.1

vmwareplayerMatch2.5.2

AND

vmwareplayerMatch2.5.3

linuxlinux_kernel

Node

vmwareserverMatch2.0.0

vmwareserverMatch2.0.1

vmwareserverMatch2.0.2

AND

linuxlinux_kernel

Node

vmwarefusionMatch2.0

vmwarefusionMatch2.0.1

vmwarefusionMatch2.0.2

vmwarefusionMatch2.0.3

vmwarefusionMatch2.0.4

vmwarefusionMatch2.0.5

vmwarefusionMatch2.0.6

Node

vmwarevix_apiMatch1.6.0

vmwarevix_apiMatch1.6.1

VendorProductVersionCPE
vmwareworkstation6.5.0cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
vmwareworkstation6.5.1cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
vmwareworkstation6.5.2cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
vmwareworkstation6.5.3cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
vmwareplayer2.5cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
vmwareplayer2.5.1cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
vmwareplayer2.5.2cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
vmwareplayer2.5.3cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
vmwareserver2.0.0cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	workstation	6.5.0	cpe:2.3:a:vmware:workstation:6.5.0:::::::*
vmware	workstation	6.5.1	cpe:2.3:a:vmware:workstation:6.5.1:::::::*
vmware	workstation	6.5.2	cpe:2.3:a:vmware:workstation:6.5.2:::::::*
vmware	workstation	6.5.3	cpe:2.3:a:vmware:workstation:6.5.3:::::::*
vmware	player	2.5	cpe:2.3:a:vmware:player:2.5:::::::*
vmware	player	2.5.1	cpe:2.3:a:vmware:player:2.5.1:::::::*
vmware	player	2.5.2	cpe:2.3:a:vmware:player:2.5.2:::::::*
vmware	player	2.5.3	cpe:2.3:a:vmware:player:2.5.3:::::::*
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
vmware	server	2.0.0	cpe:2.3:a:vmware:server:2.0.0:::::::*