5

CVE-2010-1138

EPSS 0.77%
Veröffentlicht 12.04.2010 18:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Workstation Version7.0

VMware ≫ Workstation Version6.5.0

Microsoft ≫ Windows

VMware ≫ Workstation Version6.5.1

Microsoft ≫ Windows

VMware ≫ Workstation Version6.5.2

Microsoft ≫ Windows

VMware ≫ Workstation Version6.5.3

Microsoft ≫ Windows

VMware ≫ Player Version3.0

VMware ≫ Player Version2.5

Microsoft ≫ Windows

VMware ≫ Player Version2.5.1

Microsoft ≫ Windows

VMware ≫ Player Version2.5.2

Microsoft ≫ Windows

VMware ≫ Player Version2.5.3

Microsoft ≫ Windows

VMware ≫ Ace Version2.5.0

VMware ≫ Ace Version2.5.1

VMware ≫ Ace Version2.5.2

VMware ≫ Ace Version2.5.3

VMware ≫ Ace Version2.6

VMware ≫ Server Version2.0.0

VMware ≫ Server Version2.0.1

VMware ≫ Server Version2.0.2

VMware ≫ Fusion Version2.0

VMware ≫ Fusion Version2.0.1

VMware ≫ Fusion Version2.0.2

VMware ≫ Fusion Version2.0.3

VMware ≫ Fusion Version2.0.4

VMware ≫ Fusion Version2.0.5

VMware ≫ Fusion Version2.0.6

VMware ≫ Fusion Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.77%	0.712

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

Patch

Vendor Advisory

http://secunia.com/advisories/39206

Vendor Advisory

http://secunia.com/advisories/39215

Vendor Advisory

http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Patch

Vendor Advisory

http://osvdb.org/63607

http://secunia.com/advisories/39203

Vendor Advisory

http://www.securityfocus.com/bid/39395

http://www.securitytracker.com/id?1023836

https://nvd.nist.gov/vuln/detail/CVE-2010-1138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1138

EUVD