CVE-2010-3277
https://notcve.org/view.php?id=CVE-2010-3277
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. El instalador en VMware Workstation v7.x anterior v7.1.2 build 301548 y VMware Player v3.x anterior v3.1.2 build 301548 lanza un fichero index.htm si se presenta en el directorio de instalación, lo que puede permitir a usuarios locales provocar una interpretación no prevista de código web o HTML por la creación de dicho archivo. • http://lists.vmware.com/pipermail/security-announce/2010/000105.html http://secunia.com/advisories/41574 http://securitytracker.com/id?1024481 http://www.vmware.com/security/advisories/VMSA-2010-0014.html http://www.vupen.com/english/advisories/2010/2491 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-2249 – libpng: Memory leak when processing Physical Scale (sCAL) images
https://notcve.org/view.php?id=CVE-2010-2249
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical Scale (también conocido como sCAL) • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html http • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2009-4811
https://notcve.org/view.php?id=CVE-2009-4811
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. VMware Authentication Daemon 1.0 en vmware-authd.exe en VMware Authorization Service en VMware Workstation 7.0 en versiones anteriores a la 7.0.1 build 227600 y 6.5.x en versiones anteriores a la 6.5.4 build 246459, VMware Player 3.0 en versiones anteriores a la 3.0.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459, VMware ACE 2.6 en versiones anteriores a la 2.6.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459 y VMware Server 2.x permiten a atacantes remotos provocar una denegación de servicio (caída del proceso) mediante una secuencia \x25\x90 en los comandos USER y PASS, un problema relacionado con CVE-2009-3707. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://freetexthost.com/qr1tffkzpu http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/36630 http://www.vmware.com/security/advisories/VMSA-2010-0007.html • CWE-134: Use of Externally-Controlled Format String •
CVE-2010-1141
https://notcve.org/view.php?id=CVE-2010-1141
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. VMware Tools en VMware Workstation v6.5.x before v6.5.4 build v246459; VMware Player v2.5.x anterior a v2.5.4 build 246459; VMware ACE v2.5.x anterior a v2.5.4 build 246459; VMware Server v2.x anterior a v2.0.2 build 203138; VMware Fusion v2.x anterior a v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX 2.5.5, 3.0.3, 3.5, y 4.0 no accede adecuadamente a las bibliotecas de acceso, lo cual permite a atacantes remotos ayudados por usuarios ejecutar código a su elección al engañar a un usuario en un cliente Windows OS a hacer clic en un archivo que se almacena en un recurso compartido de red. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/39198 http://secunia.com/advisories/39206 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securitytracker.com/id?1023832 http://www.securitytracker.com/id?1023833 http://www.vmware.com/security/advisories/VMSA-2010-0007.html https://oval • CWE-264: Permissions, Privileges, and Access Controls •