CVE-2013-3519

EUVD-2013-3454
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
vmwareesxi
4.0
vmwareesxi
4.1
vmwareesxi
5.0
vmwareesxi
5.1
vmwareworkstation
9.0
vmwareworkstation
9.0.1
vmwareworkstation
9.0.2
vmwareesx
4.0
vmwareesx
4.1
vmwareplayer
5.0
vmwareplayer
5.0.1
vmwareplayer
5.0.2
vmwarefusion
5.0
vmwarefusion
5.0.1
vmwarefusion
5.0.2
vmwarefusion
5.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.vmware.com/security/advisories/VMSA-2013-0014.html
http://www.vmware.com/security/advisories/VMSA-2013-0014.html