CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2012-4897
https://notcve.org/view.php?id=CVE-2012-4897
Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. Vulnerabilidad en path de búsqueda no confiables en el instalador de VMware Movie Decoder anteriores a v9.0 permite a usuarios locales a obtener privilegios a través de un fichero ejecutable troyanizado en el directorio de instalación. • http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html http://osvdb.org/85957 http://www.securityfocus.com/bid/55802 http://www.vmware.com/security/advisories/VMSA-2012-0014.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79046 •
CVSS: 6.9EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View anteriores a v5.1, y VMware ESX v4.1 anteriores a vU3 y v5.0 anteriores a vP03, permite a usuario locales obtener privilegios a través de un fichero tpfc.dll troyanizado en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/37780 http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2012-3289
https://notcve.org/view.php?id=CVE-2012-3289
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device. VMware Workstation antes de v8.0.4 8.x, VMware Player antes de v4.0.4 4.x, VMware ESXi v3.5 a v5.0 y VMware ESX v3.5 a v4.1 permiten a atacantes remotos causar una denegación de servicio (caida del sistema operativo huesped) a través de tráfico de red de un dispositivo virtual remoto red espcíficamente modificado. • http://www.vmware.com/security/advisories/VMSA-2012-0011.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 48EXPL: 0CVE-2012-3288
https://notcve.org/view.php?id=CVE-2012-3288
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. VMware Workstation v7.x antes de v7.1.6 y v8.x antes de v8.0.4, VMware Player v3.x antes de v3.1.6 y v4.x antes de v4.0.4, VMware Fusion v4.x antes de 4.1.3, VMware ESXi v3.5 a v5.0 y VMware ESX v3.5 a v4.1 permite ejecutar código de su elección en el sistema operativo anfitrión a atacantes remotos (con cierta ayuda de usuarios locales) o causar una denegación de servicio (por corrupción de memoria) en el sistema operativo anfitrión a través de un archivo Checkpoint modificado. • http://www.vmware.com/security/advisories/VMSA-2012-0011.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17178 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2752
https://notcve.org/view.php?id=CVE-2012-2752
Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en VMware vMA v4.x y v5.x antes de v5.0.0.2, permite a usuarios locales conseguir privilegios a través de un caballo de Troya DLL en el directorio de trabajo actual. • http://osvdb.org/82276 http://secunia.com/advisories/49300 http://secunia.com/advisories/49322 http://www.securityfocus.com/bid/53697 http://www.securitytracker.com/id?1027099 http://www.vmware.com/security/advisories/VMSA-2012-0010.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75891 •