Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2450

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2012-2450
Last Modified 02 Nov 2013 11:24:10
Published 04 May 2012 12:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-2450

Summary

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

Vulnerable Systems

Operating System

  • Vmware Esx 3.5

  • Vmware Esx 4.0

  • Vmware Esx 4.1

  • Vmware Esxi 3.5

  • Vmware Esxi 4.0

  • Vmware Esxi 4.1

  • Vmware Esxi 5.0

Application

  • Vmware Fusion 4.0

  • Vmware Fusion 4.0.1

  • Vmware Fusion 4.0.2

  • Vmware Fusion 4.1

  • Vmware Fusion 4.1.1

  • Vmware Player 4.0

  • Vmware Player 4.0.1

  • Vmware Player 4.0.2

  • Vmware Workstation 8.0

  • Vmware Workstation 8.0.1

  • Vmware Workstation 8.0.2


References

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2012-0009.html

Related Patches

VMware VMSA-2012-0011 VMSA-2012-0009.2 VMSA-2012-0007.1 VMware Workstation 7.1.6 for Windows (Update) (See Notes)(Rev 2)

VMware VMSA-2012-0011 VMSA-2012-0009.2 VMSA-2012-0007.1 VMware Player 3.1.6 for Windows (Update) (See Notes) (Rev 2)

VMware VMSA-2012-0011 VMSA-2012-0009.2 VMware Fusion 4.1.3 for Mac (See Notes)

VMware VMSA-2012-0009 VMware Player 4.0.3 for Windows (Update) (All Languages) (See Notes)

VMware VMSA-2012-0009 VMware Workstation 8.0.3 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 10:57:32