CVE-2010-1139 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
vmware	workstation	6.5.0
vmware	workstation	6.5.1
vmware	workstation	6.5.2
vmware	workstation	6.5.3
vmware	player	2.5
vmware	player	2.5.1
vmware	player	2.5.2
vmware	player	2.5.3
vmware	server	2.0.0
vmware	server	2.0.1
vmware	server	2.0.2
vmware	fusion	2.0
vmware	fusion	2.0.1
vmware	fusion	2.0.2
vmware	fusion	2.0.3
vmware	fusion	2.0.4
vmware	fusion	2.0.5
vmware	fusion	2.0.6
vmware	vix_api	1.6.0
vmware	vix_api	1.6.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

http://osvdb.org/63606

http://secunia.com/advisories/39201

http://secunia.com/advisories/39206

http://secunia.com/advisories/39215

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://www.securityfocus.com/bid/39407

http://www.securitytracker.com/id?1023835

http://www.vmware.com/security/advisories/VMSA-2010-0007.html

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

http://osvdb.org/63606

http://secunia.com/advisories/39201

http://secunia.com/advisories/39206

http://secunia.com/advisories/39215

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://www.securityfocus.com/bid/39407

http://www.securitytracker.com/id?1023835

http://www.vmware.com/security/advisories/VMSA-2010-0007.html