CVE-2009-2267
VMware Virtual 8086 - Linux Local Ring0
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, VMware ACE v2.5.x anteriores a v2.5.3 build 185404, VMware Server v1.x anteriores a v1.0.10 build 203137 and v2.x anteriores a v2.0.2 build 203138, VMware Fusion v2.x anteriores a v2.0.6 build 196839, VMware ESXi v3.5 y v4.0, y VMware ESX v2.5.5, v3.0.3, v3.5 y v4.0, cuando el modo Virtual-8086 es usado, no asigna adecuadamente el código de excepción para una excepción de fallo de página (también conocido como #PF), lo que permite a usuarios del SO anfitrión obtener privilegios en el SO anfitrión especificando un valor modificado para el registro cs.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-07-01 CVE Reserved
- 2009-10-27 CVE Published
- 2009-10-27 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1023082 | Vdb Entry | |
| http://securitytracker.com/id?1023083 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/507523/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/507539/100/0/threaded | Mailing List | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/10207 | 2009-10-27 | |
| http://www.securityfocus.com/bid/36841 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2009-0015.html | 2018-10-10 |
| URL | Date | SRC |
|---|---|---|
| http://lists.vmware.com/pipermail/security-announce/2009/000069.html | 2018-10-10 | |
| http://secunia.com/advisories/37172 | 2018-10-10 | |
| http://security.gentoo.org/glsa/glsa-201209-25.xml | 2018-10-10 | |
| http://www.vupen.com/english/advisories/2009/3062 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 2.5.0 Search vendor "Vmware" for product "Ace" and version "2.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 2.5.1 Search vendor "Vmware" for product "Ace" and version "2.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | 2.5.2 Search vendor "Vmware" for product "Ace" and version "2.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 2.5.5 Search vendor "Vmware" for product "Esx" and version "2.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 3.0.3 Search vendor "Vmware" for product "Esx" and version "3.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 3.5 Search vendor "Vmware" for product "Esx" and version "3.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 4.0 Search vendor "Vmware" for product "Esx" and version "4.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 3.5 Search vendor "Vmware" for product "Esxi" and version "3.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.0 Search vendor "Vmware" for product "Esxi" and version "4.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | 2.0 Search vendor "Vmware" for product "Fusion" and version "2.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | 2.0.1 Search vendor "Vmware" for product "Fusion" and version "2.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | 2.0.2 Search vendor "Vmware" for product "Fusion" and version "2.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | 2.0.3 Search vendor "Vmware" for product "Fusion" and version "2.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | 2.0.4 Search vendor "Vmware" for product "Fusion" and version "2.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | 2.0.5 Search vendor "Vmware" for product "Fusion" and version "2.0.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5 Search vendor "Vmware" for product "Player" and version "2.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.1 Search vendor "Vmware" for product "Player" and version "2.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.2 Search vendor "Vmware" for product "Player" and version "2.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0 Search vendor "Vmware" for product "Server" and version "1.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.1 Search vendor "Vmware" for product "Server" and version "1.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.2 Search vendor "Vmware" for product "Server" and version "1.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.3 Search vendor "Vmware" for product "Server" and version "1.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.4 Search vendor "Vmware" for product "Server" and version "1.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.5 Search vendor "Vmware" for product "Server" and version "1.0.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.6 Search vendor "Vmware" for product "Server" and version "1.0.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.7 Search vendor "Vmware" for product "Server" and version "1.0.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.8 Search vendor "Vmware" for product "Server" and version "1.0.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 1.0.9 Search vendor "Vmware" for product "Server" and version "1.0.9" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0 Search vendor "Vmware" for product "Server" and version "2.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0 Search vendor "Vmware" for product "Server" and version "2.0" | rc2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.1 Search vendor "Vmware" for product "Server" and version "2.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.0 Search vendor "Vmware" for product "Workstation" and version "6.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.1 Search vendor "Vmware" for product "Workstation" and version "6.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.2 Search vendor "Vmware" for product "Workstation" and version "6.5.2" | - |
Affected
| ||||||