CVE-2010-1142

Severity Score

8.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.

VMware Tools en VMware Workstation v6.5.x anterior v6.5.4 build 246459; VMware Player v2.5.x anterior v2.5.4 build 246459; VMware ACE v2.5.x anterior v2.5.4 build 246459; VMware Server v2.x anterior v2.0.2 build 203138; VMware Fusion v2.x anterior v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX v2.5.5, v3.0.3, v3.5, y v4.0 no cargan adecuadamente los programas VMware, lo que puede permitir a usuarios de petición de sistemas operativos Windows obtener privilegios estableciendo un troyano en una dirección no especificada en el disco de petición OS.

*Credits: N/A

CVSS Scores

NISTv2 8.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-03-29 CVE Reserved
2010-04-10 CVE Published
2024-05-30 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (11)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html	Mailing List
http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt	X_refsource_misc
http://www.securityfocus.com/bid/39394	Vdb Entry
http://www.securitytracker.com/id?1023832	Vdb Entry
http://www.securitytracker.com/id?1023833	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://lists.vmware.com/pipermail/security-announce/2010/000090.html	2013-05-15
http://www.vmware.com/security/advisories/VMSA-2010-0007.html	2013-05-15

URL	Date	SRC
http://secunia.com/advisories/39198	2013-05-15
http://secunia.com/advisories/39206	2013-05-15
http://security.gentoo.org/glsa/glsa-201209-25.xml	2013-05-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.0 Search vendor "Vmware" for product "Workstation" and version "6.5.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.1 Search vendor "Vmware" for product "Workstation" and version "6.5.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.2 Search vendor "Vmware" for product "Workstation" and version "6.5.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Workstation Search vendor "Vmware" for product "Workstation"	6.5.3 Search vendor "Vmware" for product "Workstation" and version "6.5.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5 Search vendor "Vmware" for product "Player" and version "2.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5.1 Search vendor "Vmware" for product "Player" and version "2.5.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5.2 Search vendor "Vmware" for product "Player" and version "2.5.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Player Search vendor "Vmware" for product "Player"	2.5.3 Search vendor "Vmware" for product "Player" and version "2.5.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.0 Search vendor "Vmware" for product "Ace" and version "2.5.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.1 Search vendor "Vmware" for product "Ace" and version "2.5.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.2 Search vendor "Vmware" for product "Ace" and version "2.5.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Ace Search vendor "Vmware" for product "Ace"	2.5.3 Search vendor "Vmware" for product "Ace" and version "2.5.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Server Search vendor "Vmware" for product "Server"	2.0.0 Search vendor "Vmware" for product "Server" and version "2.0.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Server Search vendor "Vmware" for product "Server"	2.0.1 Search vendor "Vmware" for product "Server" and version "2.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Server Search vendor "Vmware" for product "Server"	2.0.2 Search vendor "Vmware" for product "Server" and version "2.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0 Search vendor "Vmware" for product "Fusion" and version "2.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.1 Search vendor "Vmware" for product "Fusion" and version "2.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.2 Search vendor "Vmware" for product "Fusion" and version "2.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.3 Search vendor "Vmware" for product "Fusion" and version "2.0.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.4 Search vendor "Vmware" for product "Fusion" and version "2.0.4"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	2.0.5 Search vendor "Vmware" for product "Fusion" and version "2.0.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Fusion Search vendor "Vmware" for product "Fusion"	3.0 Search vendor "Vmware" for product "Fusion" and version "3.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esxi Search vendor "Vmware" for product "Esxi"	3.5 Search vendor "Vmware" for product "Esxi" and version "3.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esxi Search vendor "Vmware" for product "Esxi"	4.0 Search vendor "Vmware" for product "Esxi" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	2.5.5 Search vendor "Vmware" for product "Esx" and version "2.5.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	3.0.3 Search vendor "Vmware" for product "Esx" and version "3.0.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	3.5 Search vendor "Vmware" for product "Esx" and version "3.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Vmware Search vendor "Vmware"	Esx Search vendor "Vmware" for product "Esx"	4.0 Search vendor "Vmware" for product "Esx" and version "4.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe