5

CVE-2010-1138

EPSS 0.77%
Published 12.04.2010 18:30:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Workstation Version7.0

VMware ≫ Workstation Version6.5.0

Microsoft ≫ Windows

VMware ≫ Workstation Version6.5.1

Microsoft ≫ Windows

VMware ≫ Workstation Version6.5.2

Microsoft ≫ Windows

VMware ≫ Workstation Version6.5.3

Microsoft ≫ Windows

VMware ≫ Player Version3.0

VMware ≫ Player Version2.5

Microsoft ≫ Windows

VMware ≫ Player Version2.5.1

Microsoft ≫ Windows

VMware ≫ Player Version2.5.2

Microsoft ≫ Windows

VMware ≫ Player Version2.5.3

Microsoft ≫ Windows

VMware ≫ Ace Version2.5.0

VMware ≫ Ace Version2.5.1

VMware ≫ Ace Version2.5.2

VMware ≫ Ace Version2.5.3

VMware ≫ Ace Version2.6

VMware ≫ Server Version2.0.0

VMware ≫ Server Version2.0.1

VMware ≫ Server Version2.0.2

VMware ≫ Fusion Version2.0

VMware ≫ Fusion Version2.0.1

VMware ≫ Fusion Version2.0.2

VMware ≫ Fusion Version2.0.3

VMware ≫ Fusion Version2.0.4

VMware ≫ Fusion Version2.0.5

VMware ≫ Fusion Version2.0.6

VMware ≫ Fusion Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.77%	0.712

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

Patch

Vendor Advisory

http://secunia.com/advisories/39206

Vendor Advisory

http://secunia.com/advisories/39215

Vendor Advisory

http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Patch

Vendor Advisory

http://osvdb.org/63607

http://secunia.com/advisories/39203

Vendor Advisory

http://www.securityfocus.com/bid/39395

http://www.securitytracker.com/id?1023836

https://nvd.nist.gov/vuln/detail/CVE-2010-1138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1138

EUVD