7.2

CVE-2015-3650

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwarePlayer Version5.0
VMwarePlayer Version5.0.1
VMwarePlayer Version5.0.2
VMwarePlayer Version5.0.3
VMwarePlayer Version5.0.4
VMwarePlayer Version6.0
VMwarePlayer Version6.0.1
VMwarePlayer Version6.0.2
VMwarePlayer Version6.0.3
VMwarePlayer Version6.0.4
VMwarePlayer Version6.0.5
VMwarePlayer Version6.0.6
VMwarePlayer Version7.0
VMwarePlayer Version7.1
VMwareWorkstation Version10.0
VMwareWorkstation Version10.0.1
VMwareWorkstation Version10.0.2
VMwareWorkstation Version10.0.3
VMwareWorkstation Version10.0.4
VMwareWorkstation Version10.0.5
VMwareWorkstation Version10.0.6
VMwareWorkstation Version11.0
VMwareWorkstation Version11.1
VMwareHorizon View Client Version5.4
VMwareHorizon View Client Version5.4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.292
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.