CVE-2010-1139
https://notcve.org/view.php?id=CVE-2010-1139
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y VMware Server v2.x en Linux y VMware Fusion v2.x antes de v2.0.7 build 246.742, permite a usuarios locales conseguir privilegios a través de especificadores de formato de cadenas en los metadatos de proceso. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://osvdb.org/63606 http://secunia.com/advisories/39201 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39407 http://www.securitytracker.com/id?1023835 http://www • CWE-134: Use of Externally-Controlled Format String •
CVE-2010-1140
https://notcve.org/view.php?id=CVE-2010-1140
The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk. El servicio USB en VMware Workstation v7.0 anterior v7.0.1 build 227600 y VMware Player v3.0 anterior v3.0.1 build 227600 en Windows puede permitir a los usuarios del sistema operativo anfitrión obtener privilegios y localizar un toryano en una localización no especificada en el disco del SO anfitrión. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/39206 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023834 http://www.securityfocus.com/bid/39397 http://www.vmware.com/security/advisories/VMSA-2010-0007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-3732 – VMware Remote Console e.x.p build-158248 - Format String
https://notcve.org/view.php?id=CVE-2009-3732
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de formato de cadena en vmware-vmrc.exe build 158248 en VMware Remote Console (también conocido como VMrc) permite a atacantes remotos jcutar codigo arbitrario a través de vectores inespecíficos. • https://www.exploit-db.com/exploits/12188 http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/39110 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.vmware.com/security/advisories/VMSA-2010-0007.html • CWE-134: Use of Externally-Controlled Format String •
CVE-2009-2267 – VMware Virtual 8086 - Linux Local Ring0
https://notcve.org/view.php?id=CVE-2009-2267
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, VMware ACE v2.5.x anteriores a v2.5.3 build 185404, VMware Server v1.x anteriores a v1.0.10 build 203137 and v2.x anteriores a v2.0.2 build 203138, VMware Fusion v2.x anteriores a v2.0.6 build 196839, VMware ESXi v3.5 y v4.0, y VMware ESX v2.5.5, v3.0.3, v3.5 y v4.0, cuando el modo Virtual-8086 es usado, no asigna adecuadamente el código de excepción para una excepción de fallo de página (también conocido como #PF), lo que permite a usuarios del SO anfitrión obtener privilegios en el SO anfitrión especificando un valor modificado para el registro cs. • https://www.exploit-db.com/exploits/10207 http://lists.vmware.com/pipermail/security-announce/2009/000069.html http://secunia.com/advisories/37172 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023082 http://securitytracker.com/id?1023083 http://www.securityfocus.com/archive/1/507523/100/0/threaded http://www.securityfocus.com/archive/1/507539/100/0/threaded http://www.securityfocus.com/bid/36841 http://www.vmware.com/security/advisories/VM •
CVE-2009-3707 – VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-3707
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. VMware Authentication Daemon versión 1.0 en el archivo vmware-authd.exe en el Servicio de Autorización de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegación de servicio (bloqueo del proceso) por medio de una secuencia de \x25\xFF en los comandos USER y PASS, relacionada con un problema de "format string DoS". NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/33271 http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/36988 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1022997 http://www.securityfocus.com/bid/36630 htt • CWE-134: Use of Externally-Controlled Format String •