CVE-2014-4200

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
vmwaretools
*
vmwarevm-support
0.88
vmwareworkstation
𝑥
≤ 10.0.3
vmwareworkstation
10.0
vmwareworkstation
10.0.1
vmwareworkstation
10.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
open-vm-tools
bullseye (security)
2:11.2.5-2+deb11u3
fixed
bullseye
2:11.2.5-2+deb11u3
fixed
squeeze
no-dsa
wheezy
no-dsa
bookworm
2:12.2.0-1+deb12u2
fixed
bookworm (security)
2:12.2.0-1+deb12u2
fixed
sid
2:12.4.5-1
fixed
trixie
2:12.4.5-1
fixed
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2014/Aug/71
http://www.securityfocus.com/bid/69410
http://www.securitytracker.com/id/1030758
https://exchange.xforce.ibmcloud.com/vulnerabilities/95494
http://seclists.org/fulldisclosure/2014/Aug/71
http://www.securityfocus.com/bid/69410
http://www.securitytracker.com/id/1030758
https://exchange.xforce.ibmcloud.com/vulnerabilities/95494