CVSS: 8.3EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5458
https://notcve.org/view.php?id=CVE-2012-5458
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos débiles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a través de una aplicación diseñada. • http://osvdb.org/87118 http://www.securityfocus.com/bid/56469 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79924 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5459
https://notcve.org/view.php?id=CVE-2012-5459
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." Vulnerabilidad de ruta de búsqueda no confiable en VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows, permite a a los usuarios del sistema operativo anfitrión, ganar privilejos del sistema operativo anfitrión a través de una DLL caballo de troya en una "carpeta del sistema". • http://osvdb.org/87119 http://www.securityfocus.com/bid/56470 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79923 •
CVSS: 9.3EPSS: 96%CPEs: 15EXPL: 2CVE-2012-3569 – VMware OVF Tools - Format String
https://notcve.org/view.php?id=CVE-2012-3569
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. Vulnerabilidad de formato de cadena en VMware OVF Tool v2.1 en Windows, tal y como se utiliza en VMware Workstation v8x antes de v8.0.5, v4.x VMware Player antes de v4.0.5, y otros productos, permite ejecutar código de su elección a atacantes remotos asistidos por un usuario local a través de un archivo OVF debidamente modificado. • https://www.exploit-db.com/exploits/24461 https://www.exploit-db.com/exploits/24460 http://osvdb.org/87117 http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html http://secunia.com/advisories/51240 http://technet.microsoft.com/en-us/security/msvr/msvr13-002 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79922 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.9EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View anteriores a v5.1, y VMware ESX v4.1 anteriores a vU3 y v5.0 anteriores a vP03, permite a usuario locales obtener privilegios a través de un fichero tpfc.dll troyanizado en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/37780 http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity •
CVSS: 9.3EPSS: 1%CPEs: 48EXPL: 0CVE-2012-3288
https://notcve.org/view.php?id=CVE-2012-3288
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. VMware Workstation v7.x antes de v7.1.6 y v8.x antes de v8.0.4, VMware Player v3.x antes de v3.1.6 y v4.x antes de v4.0.4, VMware Fusion v4.x antes de 4.1.3, VMware ESXi v3.5 a v5.0 y VMware ESX v3.5 a v4.1 permite ejecutar código de su elección en el sistema operativo anfitrión a atacantes remotos (con cierta ayuda de usuarios locales) o causar una denegación de servicio (por corrupción de memoria) en el sistema operativo anfitrión a través de un archivo Checkpoint modificado. • http://www.vmware.com/security/advisories/VMSA-2012-0011.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17178 • CWE-20: Improper Input Validation •