CVE-2012-5458

2012-11-1412:30:00

CWE-264

[email protected]

web.nvd.nist.gov

vmware

workstation

player

windows

vulnerability

permissions

nvd

cve-2012-5458

6.8 Medium

AI Score

Confidence

Low

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.8%

JSON

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.

CPENameOperatorVersion
vmware:playervmware playereq4.0
vmware:playervmware playereq4.0.0.18997
vmware:playervmware playereq4.0.1
vmware:playervmware playereq4.0.2
vmware:playervmware playereq4.0.3
vmware:playervmware playereq4.0.4
vmware:workstationvmware workstationeq8.0
vmware:workstationvmware workstationeq8.0.0.18997
vmware:workstationvmware workstationeq8.0.1
vmware:workstationvmware workstationeq8.0.1.27038

CPE	Name	Operator	Version
vmware:player	vmware player	eq	4.0
vmware:player	vmware player	eq	4.0.0.18997
vmware:player	vmware player	eq	4.0.1
vmware:player	vmware player	eq	4.0.2
vmware:player	vmware player	eq	4.0.3
vmware:player	vmware player	eq	4.0.4
vmware:workstation	vmware workstation	eq	8.0
vmware:workstation	vmware workstation	eq	8.0.0.18997
vmware:workstation	vmware workstation	eq	8.0.1
vmware:workstation	vmware workstation	eq	8.0.1.27038