CVE-2014-2384

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call.  NOTE: the researcher reports "Vendor rated issue as non-exploitable."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
vmwareplayer
6.0.1_build_1379776:_build_1379776
vmwareworkstation
10.0.1_build_1379776:_build_1379776
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2014/Apr/163
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/
http://seclists.org/fulldisclosure/2014/Apr/163
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/