CVE-2012-1666

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
vmwareworkstation
𝑥
≤ 8.0.3
vmwareworkstation
8.0
vmwareworkstation
8.0.0.18997
vmwareworkstation
8.0.1
vmwareworkstation
8.0.1.27038
vmwareworkstation
8.0.2
vmwareplayer
𝑥
≤ 4.0.3
vmwareplayer
4.0
vmwareplayer
4.0.0.18997
vmwareplayer
4.0.1
vmwareplayer
4.0.2
vmwarefusion
𝑥
≤ 4.1.1
vmwarefusion
4.0
vmwarefusion
4.0.1
vmwarefusion
4.0.2
vmwarefusion
4.1
vmwareview
𝑥
≤ 5.0
vmwareview
4.6.0
vmwareesx
4.1
vmwareesx
5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vmware-view-client
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
dne
vmware-view-open-client
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
dne
References
http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html
https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity
http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html
https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity