CVE-2015-2337

2015-06-1314:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2015-2337

vmware

workstation

player

horizon client

memory allocation

arbitrary code execution

windows

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.1%

JSON

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CPENameOperatorVersion
vmware:playervmware playereq6.0
vmware:playervmware playereq7.1
vmware:workstationvmware workstationeq10.0.4
vmware:fusionvmware fusioneq6.0.1
vmware:workstationvmware workstationeq10.0.3
vmware:workstationvmware workstationeq10.0
vmware:fusionvmware fusioneq6.0.3
vmware:playervmware playereq6.0.4
vmware:playervmware playereq7.0
vmware:fusionvmware fusioneq7.0.1

CPE	Name	Operator	Version
vmware:player	vmware player	eq	6.0
vmware:player	vmware player	eq	7.1
vmware:workstation	vmware workstation	eq	10.0.4
vmware:fusion	vmware fusion	eq	6.0.1
vmware:workstation	vmware workstation	eq	10.0.3
vmware:workstation	vmware workstation	eq	10.0
vmware:fusion	vmware fusion	eq	6.0.3
vmware:player	vmware player	eq	6.0.4
vmware:player	vmware player	eq	7.0
vmware:fusion	vmware fusion	eq	7.0.1