CVE-2010-1141

Severity Score

8.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.

VMware Tools en VMware Workstation v6.5.x before v6.5.4 build v246459; VMware Player v2.5.x anterior a v2.5.4 build 246459; VMware ACE v2.5.x anterior a v2.5.4 build 246459; VMware Server v2.x anterior a v2.0.2 build 203138; VMware Fusion v2.x anterior a v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX 2.5.5, 3.0.3, 3.5, y 4.0 no accede adecuadamente a las bibliotecas de acceso, lo cual permite a atacantes remotos ayudados por usuarios ejecutar código a su elección al engañar a un usuario en un cliente Windows OS a hacer clic en un archivo que se almacena en un recurso compartido de red.

*Credits: N/A

CVSS Scores

NISTv2 8.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-03-29 CVE Reserved
2010-04-10 CVE Published
2024-05-30 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (10)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html	Mailing List
http://www.securitytracker.com/id?1023832	Vdb Entry
http://www.securitytracker.com/id?1023833	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020	Signature

URL	Date	SRC

URL	Date	SRC
http://lists.vmware.com/pipermail/security-announce/2010/000090.html	2017-09-19
http://www.vmware.com/security/advisories/VMSA-2010-0007.html	2017-09-19

URL	Date	SRC
http://secunia.com/advisories/39198	2017-09-19
http://secunia.com/advisories/39206	2017-09-19
http://security.gentoo.org/glsa/glsa-201209-25.xml	2017-09-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.0 Search vendor "Vmware" for product "Workstation" and version "6.5.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.1 Search vendor "Vmware" for product "Workstation" and version "6.5.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.2 Search vendor "Vmware" for product "Workstation" and version "6.5.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.3 Search vendor "Vmware" for product "Workstation" and version "6.5.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5 Search vendor "Vmware" for product "Player" and version "2.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5.1 Search vendor "Vmware" for product "Player" and version "2.5.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5.2 Search vendor "Vmware" for product "Player" and version "2.5.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5.3 Search vendor "Vmware" for product "Player" and version "2.5.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.0 Search vendor "Vmware" for product "Ace" and version "2.5.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.1 Search vendor "Vmware" for product "Ace" and version "2.5.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.2 Search vendor "Vmware" for product "Ace" and version "2.5.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.3 Search vendor "Vmware" for product "Ace" and version "2.5.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Server Search vendor "Vmware" for product "Server"	2.0.0 Search vendor "Vmware" for product "Server" and version "2.0.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Server Search vendor "Vmware" for product "Server"	2.0.1 Search vendor "Vmware" for product "Server" and version "2.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Server Search vendor "Vmware" for product "Server"	2.0.2 Search vendor "Vmware" for product "Server" and version "2.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0 Search vendor "Vmware" for product "Fusion" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.1 Search vendor "Vmware" for product "Fusion" and version "2.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.2 Search vendor "Vmware" for product "Fusion" and version "2.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.3 Search vendor "Vmware" for product "Fusion" and version "2.0.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.4 Search vendor "Vmware" for product "Fusion" and version "2.0.4"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.5 Search vendor "Vmware" for product "Fusion" and version "2.0.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	3.0 Search vendor "Vmware" for product "Fusion" and version "3.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esxi Search vendor "Vmware" for product "Esxi"	3.5 Search vendor "Vmware" for product "Esxi" and version "3.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esxi Search vendor "Vmware" for product "Esxi"	4.0 Search vendor "Vmware" for product "Esxi" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	2.5.5 Search vendor "Vmware" for product "Esx" and version "2.5.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	3.0.3 Search vendor "Vmware" for product "Esx" and version "3.0.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	3.5 Search vendor "Vmware" for product "Esx" and version "3.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	4.0 Search vendor "Vmware" for product "Esx" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe