PT-2014-4670 · Vmware · Vmware Player+1

Published

2014-04-15

Updated

2014-04-16

CVE-2014-2384

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions VMware Workstation version 10.0.1 build 1379776 VMware Player version 6.0.1 build 1379776

Description The issue allows local users to cause a denial of service, resulting in a read access violation and system crash, via a crafted buffer in an IOCTL call. The vendor has rated this issue as non-exploitable.

Recommendations For VMware Workstation version 10.0.1 build 1379776, consider restricting access to the vmx86.sys driver to minimize the risk of exploitation. For VMware Player version 6.0.1 build 1379776, consider restricting access to the vmx86.sys driver to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2014-2384

Affected Products

Vmware Player

Vmware Workstation

PT-2014-4670 · Vmware · Vmware Player+1

CVE-2014-2384

Weakness Enumeration

Related Identifiers

Affected Products

References · 4