Published: 12/04/2010 Updated: 15/05/2013

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x prior to 6.5.4 build 246459, VMware Player 2.5.x prior to 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x prior to 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware workstation 6.5.3
vmware workstation 6.5.0
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.1
vmware player 2.5.2
vmware player 2.5
vmware player 2.5.3
vmware server 2.0.1
vmware server 2.0.2
vmware server 2.0.0
vmware fusion 2.0.4
vmware fusion 2.0.5
vmware fusion 2.0.6
vmware fusion 2.0.1
vmware fusion 2.0.2
vmware fusion 2.0.3
vmware fusion 2.0
vmware vix api 1.6.0
vmware vix api 1.6.1

CWE-134 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://secunia.com/advisories/39201 http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://www.vmware.com/security/advisories/VMSA-2010-0007.html http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://www.securityfocus.com/bid/39407 http://www.securitytracker.com/id?1023835 http://osvdb.org/63606 http://security.gentoo.org/glsa/glsa-201209-25.xml https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1139

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect