CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
69.5%
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | workstation | 6.5.0 | cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:* |
vmware | workstation | 6.5.1 | cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:* |
vmware | workstation | 6.5.2 | cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:* |
vmware | workstation | 6.5.3 | cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:* |
microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
vmware | player | 2.5 | cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:* |
vmware | player | 2.5.1 | cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:* |
vmware | player | 2.5.2 | cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:* |
vmware | player | 2.5.3 | cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:* |
vmware | ace | 2.5.0 | cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
lists.vmware.com/pipermail/security-announce/2010/000090.html
secunia.com/advisories/39198
secunia.com/advisories/39206
security.gentoo.org/glsa/glsa-201209-25.xml
www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt
www.securityfocus.com/bid/39394
www.securitytracker.com/id?1023832
www.securitytracker.com/id?1023833
www.vmware.com/security/advisories/VMSA-2010-0007.html