CVE-2009-1244

2009-04-1316:30:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2009-1244

vmware

vulnerability

arbitrary code execution

guest os

host os

virtual machine

nvd

6.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

30.6%

JSON

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.

CPENameOperatorVersion
vmware:acevmware acele2.5.1
vmware:acevmware aceeq1.0
vmware:playervmware playerle2.5.1
vmware:playervmware playereq1.0.7
vmware:acevmware aceeq2.0.5
vmware:acevmware aceeq1.0.1
vmware:fusionvmware fusioneq2.0.1
vmware:acevmware aceeq1.0.7
vmware:workstationvmware workstationeq5.5.6
vmware:servervmware servereq1.0.9

CPE	Name	Operator	Version
vmware:ace	vmware ace	le	2.5.1
vmware:ace	vmware ace	eq	1.0
vmware:player	vmware player	le	2.5.1
vmware:player	vmware player	eq	1.0.7
vmware:ace	vmware ace	eq	2.0.5
vmware:ace	vmware ace	eq	1.0.1
vmware:fusion	vmware fusion	eq	2.0.1
vmware:ace	vmware ace	eq	1.0.7
vmware:workstation	vmware workstation	eq	5.5.6
vmware:server	vmware server	eq	1.0.9