CVE-2012-2450

2012-05-0416:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

vmware

workstation

player

fusion

esxi

esx

scsi

denial of service

code execution

security vulnerability

nvd

9.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.6%

JSON

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

CPENameOperatorVersion
vmware:workstationvmware workstationeq8.0.1
vmware:workstationvmware workstationeq8.0.2
vmware:workstationvmware workstationeq8.0
vmware:playervmware playereq4.0.1
vmware:playervmware playereq4.0.2
vmware:playervmware playereq4.0
vmware:fusionvmware fusioneq4.0.1
vmware:fusionvmware fusioneq4.1.1
vmware:fusionvmware fusioneq4.0
vmware:fusionvmware fusioneq4.0.2

CPE	Name	Operator	Version
vmware:workstation	vmware workstation	eq	8.0.1
vmware:workstation	vmware workstation	eq	8.0.2
vmware:workstation	vmware workstation	eq	8.0
vmware:player	vmware player	eq	4.0.1
vmware:player	vmware player	eq	4.0.2
vmware:player	vmware player	eq	4.0
vmware:fusion	vmware fusion	eq	4.0.1
vmware:fusion	vmware fusion	eq	4.1.1
vmware:fusion	vmware fusion	eq	4.0
vmware:fusion	vmware fusion	eq	4.0.2