CVE-2010-1141

EUVD-2010-1172

12.04.2010, 18:30

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.5 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:S/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
vmware	workstation	6.5.0
vmware	workstation	6.5.1
vmware	workstation	6.5.2
vmware	workstation	6.5.3
vmware	player	2.5
vmware	player	2.5.1
vmware	player	2.5.2
vmware	player	2.5.3
vmware	ace	2.5.0
vmware	ace	2.5.1
vmware	ace	2.5.2
vmware	ace	2.5.3
vmware	server	2.0.0
vmware	server	2.0.1
vmware	server	2.0.2
vmware	fusion	2.0
vmware	fusion	2.0.1
vmware	fusion	2.0.2
vmware	fusion	2.0.3
vmware	fusion	2.0.4
vmware	fusion	2.0.5
vmware	fusion	3.0
vmware	esxi	3.5
vmware	esxi	4.0
vmware	esx	2.5.5
vmware	esx	3.0.3
vmware	esx	3.5
vmware	esx	4.0