CVE-2012-2449

EPSS 2.41%
Published 04.05.2012 16:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Workstation Version8.0

VMware ≫ Workstation Version8.0.1

VMware ≫ Workstation Version8.0.2

VMware ≫ Player Version4.0

VMware ≫ Player Version4.0.1

VMware ≫ Player Version4.0.2

VMware ≫ Fusion Version4.0

VMware ≫ Fusion Version4.0.1

VMware ≫ Fusion Version4.0.2

VMware ≫ Fusion Version4.1

VMware ≫ Fusion Version4.1.1

VMware ≫ Fusion Version4.1.2

VMware ≫ ESXi Version3.5

VMware ≫ ESXi Version3.5 Update1

VMware ≫ ESXi Version4.0

VMware ≫ ESXi Version4.0 Update1

VMware ≫ ESXi Version4.0 Update2

VMware ≫ ESXi Version4.0 Update3

VMware ≫ ESXi Version4.0 Update4

VMware ≫ ESXi Version4.1

VMware ≫ ESXi Version4.1 Update1

VMware ≫ ESXi Version4.1 Update2

VMware ≫ ESXi Version5.0

VMware ≫ Esx Version3.5

VMware ≫ Esx Version3.5 Updateupdate1

VMware ≫ Esx Version3.5 Updateupdate2

VMware ≫ Esx Version3.5 Updateupdate3

VMware ≫ Esx Version4.0

VMware ≫ Esx Version4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.41%	0.836

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/53369

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

http://osvdb.org/81694

http://secunia.com/advisories/49032

http://www.securitytracker.com/id?1027019

https://exchange.xforce.ibmcloud.com/vulnerabilities/75376

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16863

https://nvd.nist.gov/vuln/detail/CVE-2012-2449

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2449

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2449

EUVD