Published: 28/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

VMScore: 418

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation up to and including 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware workstation 10.0.2
vmware workstation
vmware workstation 10.0
vmware workstation 10.0.1
vmware vm-support 0.88
vmware tools

Debian Bug report logs - #770809 open-vm-tools: CVE-2014-4199 CVE-2014-4200 Package: open-vm-tools; Maintainer for open-vm-tools is Bernd Zeimetz <bzed@debianorg>; Source for open-vm-tools is src:open-vm-tools (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 24 Nov 2014 10:12:01 UTC ...

vm-support 088 in VMware Tools, as distributed with VMware Workstation through 1003 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive ...

vm-support version 088 suffers from file overwrite and sensitive information disclosure vulnerabilities ...

CWE-264 http://seclists.org/fulldisclosure/2014/Aug/71 http://www.securitytracker.com/id/1030758 http://www.securityfocus.com/bid/69410 https://exchange.xforce.ibmcloud.com/vulnerabilities/95494 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-4200

CVE-2014-4200

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect