CVE-2012-1666

EUVD-2012-1676
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
vmwareworkstation
𝑥
≤ 8.0.3
vmwareworkstation
8.0
vmwareworkstation
8.0.0.18997
vmwareworkstation
8.0.1
vmwareworkstation
8.0.1.27038
vmwareworkstation
8.0.2
vmwareplayer
𝑥
≤ 4.0.3
vmwareplayer
4.0
vmwareplayer
4.0.0.18997
vmwareplayer
4.0.1
vmwareplayer
4.0.2
vmwarefusion
𝑥
≤ 4.1.1
vmwarefusion
4.0
vmwarefusion
4.0.1
vmwarefusion
4.0.2
vmwarefusion
4.1
vmwareview
𝑥
≤ 5.0
vmwareview
4.6.0
vmwareesx
4.1
vmwareesx
5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vmware-view-client
hardy
dne
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
vmware-view-open-client
hardy
dne
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
References
http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html
https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity
http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html
https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity