Lucene search

[email protected]CVE-2015-2337

HistoryJun 13, 2015 - 2:59 p.m.

CVE-2015-2337

2015-06-1314:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2015-2337

vmware

workstation

player

horizon client

memory allocation

arbitrary code execution

windows

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

Affected configurations

NVD

Node

vmwarefusionMatch6.0

vmwarefusionMatch6.0.1

vmwarefusionMatch6.0.2

vmwarefusionMatch6.0.3

vmwarefusionMatch6.0.4

vmwarefusionMatch6.0.5

vmwarefusionMatch7.0

vmwarefusionMatch7.0.1

vmwareplayerMatch6.0

vmwareplayerMatch6.0.1

vmwareplayerMatch6.0.2

vmwareplayerMatch6.0.3

vmwareplayerMatch6.0.4

vmwareplayerMatch6.0.5

vmwareplayerMatch7.0

vmwareplayerMatch7.1

vmwareworkstationMatch10.0

vmwareworkstationMatch10.0.1

vmwareworkstationMatch10.0.2

vmwareworkstationMatch10.0.3

vmwareworkstationMatch10.0.4

vmwareworkstationMatch10.0.5

vmwareworkstationMatch11.0

vmwareworkstationMatch11.1

Node

vmwarehorizon_clientMatch3.2.0

vmwarehorizon_clientMatch3.3

vmwarehorizon_view_clientMatch5.4

vmwarehorizon_view_clientMatch5.4.1

AND

microsoftwindows

CPENameOperatorVersion
vmware:fusionvmware fusioneq6.0
vmware:fusionvmware fusioneq6.0.1
vmware:fusionvmware fusioneq6.0.2
vmware:fusionvmware fusioneq6.0.3
vmware:fusionvmware fusioneq6.0.4
vmware:fusionvmware fusioneq6.0.5
vmware:fusionvmware fusioneq7.0
vmware:fusionvmware fusioneq7.0.1
vmware:playervmware playereq6.0
vmware:playervmware playereq6.0.1

CPE	Name	Operator	Version
vmware:fusion	vmware fusion	eq	6.0
vmware:fusion	vmware fusion	eq	6.0.1
vmware:fusion	vmware fusion	eq	6.0.2
vmware:fusion	vmware fusion	eq	6.0.3
vmware:fusion	vmware fusion	eq	6.0.4
vmware:fusion	vmware fusion	eq	6.0.5
vmware:fusion	vmware fusion	eq	7.0
vmware:fusion	vmware fusion	eq	7.0.1
vmware:player	vmware player	eq	6.0
vmware:player	vmware player	eq	6.0.1