PT-2010-2855 · Vmware · Vmware Server+4
Publicado
2010-04-12
·
Atualizado
2013-05-15
·
CVE-2010-1139
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware VIX API versions 1.6.x
VMware Workstation versions 6.5.x through 6.5.3
VMware Player versions 2.5.x through 2.5.3
VMware Server versions 2.x
VMware Fusion versions 2.x through 2.0.6
Description
A format string issue in vmrun allows local users to gain privileges via format string specifiers in process metadata.
Recommendations
For VMware VIX API version 1.6.x, update to a version that includes the fix for this issue.
For VMware Workstation versions 6.5.x through 6.5.3, update to version 6.5.4 build 246459 or later.
For VMware Player versions 2.5.x through 2.5.3, update to version 2.5.4 build 246459 or later.
For VMware Server version 2.x, ensure you are running a version that includes the fix for this issue.
For VMware Fusion versions 2.x through 2.0.6, update to version 2.0.7 build 246742 or later.
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vmware Fusion
Vmware Player
Vmware Server
Vmware Vix Api
Vmware Workstation