Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5458

Overview

Vulnerability Score 8.3 8.3
CVE Id CVE-2012-5458
Last Modified 19 Nov 2012 11:50:48
Published 14 Nov 2012 07:30:59
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5458

Summary

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.

Vulnerable Systems

Application

  • Vmware Player 4.0

  • Vmware Player 4.0.0.18997

  • Vmware Player 4.0.1

  • Vmware Player 4.0.2

  • Vmware Player 4.0.3

  • Vmware Player 4.0.4

  • Vmware Workstation 8.0

  • Vmware Workstation 8.0.0.18997

  • Vmware Workstation 8.0.1

  • Vmware Workstation 8.0.1.27038

  • Vmware Workstation 8.0.2

  • Vmware Workstation 8.0.3

  • Vmware Workstation 8.0.4


References

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2012-0015.html

XF - workstation-player-priv-esc(79924)

BID - 56469

OSVDB - 87118

Related Patches

VMware VMSA-2013-0002 VMSA-2012-0015 VMware Workstation 8.0.5 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2012-0015 VMware Player 4.0.5 for Windows (Update) (All Languages) (See Notes) (Rev 2)


Last Updated: 27 May 2016 10:58:27