CVE-2010-4297

EPSS 2.4%
Published 06.12.2010 21:05:49
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Workstation Version6.5.0

VMware ≫ Workstation Version6.5.1

VMware ≫ Workstation Version6.5.2

VMware ≫ Workstation Version6.5.3

VMware ≫ Workstation Version6.5.5

VMware ≫ Workstation Version7.0

VMware ≫ Workstation Version7.0.1

VMware ≫ Workstation Version7.1

VMware ≫ Workstation Version7.1.1

VMware ≫ Workstation Version7.1.2

VMware ≫ Player Version2.5

VMware ≫ Player Version2.5.1

VMware ≫ Player Version2.5.2

VMware ≫ Player Version2.5.3

VMware ≫ Player Version2.5.4

VMware ≫ Player Version2.5.5

VMware ≫ Player Version3.1

VMware ≫ Player Version3.1.1

VMware ≫ Player Version3.1.2

VMware ≫ Fusion Version2.0

VMware ≫ Fusion Version2.0.1

VMware ≫ Fusion Version2.0.2

VMware ≫ Fusion Version2.0.3

VMware ≫ Fusion Version2.0.4

VMware ≫ Fusion Version2.0.5

VMware ≫ Fusion Version2.0.6

VMware ≫ Fusion Version2.0.7

VMware ≫ Fusion Version2.0.8

VMware ≫ Fusion Version3.1

VMware ≫ Fusion Version3.1.1

VMware ≫ Fusion Version3.1.2

VMware ≫ Esxi Version3.5

VMware ≫ Esxi Version4.0

VMware ≫ Esxi Version4.1

VMware ≫ Esx Version3.5

VMware ≫ Esx Version4.0

VMware ≫ Esx Version4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.4%	0.844

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.vmware.com/pipermail/security-announce/2010/000112.html

http://secunia.com/advisories/42482

Vendor Advisory

http://www.securityfocus.com/archive/1/514995/100/0/threaded

http://www.securitytracker.com/id?1024819

http://www.vmware.com/security/advisories/VMSA-2010-0018.html

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3116

Vendor Advisory

http://www.securitytracker.com/id?1024820

http://osvdb.org/69590

http://secunia.com/advisories/42480