PT-2010-2855 · Vmware · Vmware Server+4
Published
2010-04-12
·
Updated
2013-05-15
·
CVE-2010-1139
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware VIX API versions 1.6.x
VMware Workstation versions 6.5.x through 6.5.3
VMware Player versions 2.5.x through 2.5.3
VMware Server versions 2.x
VMware Fusion versions 2.x through 2.0.6
Description
A format string issue in vmrun allows local users to gain privileges via format string specifiers in process metadata.
Recommendations
For VMware VIX API version 1.6.x, update to a version that includes the fix for this issue.
For VMware Workstation versions 6.5.x through 6.5.3, update to version 6.5.4 build 246459 or later.
For VMware Player versions 2.5.x through 2.5.3, update to version 2.5.4 build 246459 or later.
For VMware Server version 2.x, ensure you are running a version that includes the fix for this issue.
For VMware Fusion versions 2.x through 2.0.6, update to version 2.0.7 build 246742 or later.
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Fusion
Vmware Player
Vmware Server
Vmware Vix Api
Vmware Workstation