Lucene search
VMwareVMSA-2010-0014HistorySep 23, 2010 - 12:00 a.m.
VMware Workstation, Player, and ACE address several security issues.
2010-09-2300:00:00
www.vmware.com
44
0.97 High
EPSS
Percentile
99.7%
a. VMware Workstation and Player installer security issue
The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto the system prior to installation.
The issue can only be exploited at the time that Workstation 7.x or Player 3.x is being installed. Installed versions of Workstation and Player are not affected. The security issue is no longer present in the installer of the new versions of Workstation 7.x and Player 3.x (see table below for the version numbers).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3277 to this issue.
VMware would like to thank Alexander Trofimov and Marc Esher for independently reporting this issue to VMware.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
Related
vmware
vmware
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
openvas
openvas
Fedora Update for libpng10 FEDORA-2010-10833
2010-07-23 00:00:00
Gentoo Security Advisory GLSA 201010-01 (libpng)
2011-03-09 00:00:00
Fedora Update for libpng FEDORA-2010-10592
2010-07-06 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: libpng10-1.0.54-1.fc12
2010-07-20 22:45:56
[SECURITY] Fedora 12 Update: libpng-1.2.44-1.fc12
2010-07-05 22:07:59
[SECURITY] Fedora 13 Update: libpng10-1.0.54-1.fc13
2010-07-20 22:32:04
nessus
nessus
GLSA-201010-01 : Libpng: Multiple vulnerabilities
2010-10-06 00:00:00
Oracle Linux 3 / 4 / 5 : libpng (ELSA-2010-0534)
2013-07-12 00:00:00
Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
gentoo
gentoo
Libpng: Multiple vulnerabilities
2010-10-05 00:00:00
oraclelinux
oraclelinux
libpng security update
2010-07-14 00:00:00
httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
centos
centos
libpng, libpng10 security update
2010-07-14 22:40:18
httpd, mod_ssl security update
2010-03-28 20:51:15
redhat
redhat
(RHSA-2010:0534) Important: libpng security update
2010-07-14 00:00:00
(RHSA-2010:0175) Low: httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2010-07-08 00:00:00
slackware
slackware
[slackware-security] libpng
2010-06-30 06:39:45
altlinux
altlinux
Security fix for the ALT Linux 5 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 6 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 6 package libpng version 1.2.43-alt1
2010-03-09 00:00:00
securityvulns
securityvulns
[USN-960-1] libpng vulnerabilities
2010-07-11 00:00:00
libpng multiple security vulnerabilities
2010-07-11 00:00:00
Apache mod_isapi uninitialized pointer function call
2010-03-11 00:00:00
debian
debian
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
osv
osv
libpng - several vulnerabilities
2010-07-19 00:00:00
apache2 - several issues
2010-04-17 00:00:00
debiancve
debiancve
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:43:56
Information Disclosure
2020-04-10 00:47:47
Arbitrary Code Execution
2020-04-10 00:43:55
cve
cve
prion
prion
Design/Logic Flaw
2010-09-28 18:00:00
Memory corruption
2010-06-30 18:30:00
Design/Logic Flaw
2010-03-05 19:30:00
exploitdb
exploitdb
Write-to-file Shellcode Win32
2010-07-09 00:00:00
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
2010-03-07 00:00:00
libpng 1.4.2 - Denial of Service
2010-07-20 00:00:00
seebug
seebug
Write-to-file Shellcode (Win32)
2014-07-01 00:00:00
Apache 2.2.xĺ诡ćąĺ¤ç俥ćŻćłé˛ćźć´
2010-03-23 00:00:00
Apache 'mod_isapi' Memory Corruption Vulnerability
2010-03-17 00:00:00
cert
cert
Apache mod_isapi module library unload results in orphaned callback pointers
2010-03-11 00:00:00
libpng fails to limit number of rows in header
2010-07-02 00:00:00
libpng stalls on highly compressed ancillary chunks
2010-03-02 00:00:00
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution (CVE-2010-0425)
2010-05-24 00:00:00
Incorrect libpng Usage Heap Overflow- Ver2 (CVE-2010-1205)
2015-05-18 00:00:00
httpd
httpd
Apache Httpd < 2.2.15 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
packetstorm
packetstorm
Apache 2.2.14 mod_isapi Remote SYSTEM Exploit
2010-03-06 00:00:00
libpng 1.4.2 Denial Of Service
2010-07-21 00:00:00
exploitpack
exploitpack
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
2010-03-07 00:00:00
libpng 1.4.2 - Denial of Service
2010-07-20 00:00:00
freebsd
freebsd
png -- libpng decompression denial of service
2010-02-27 00:00:00
png -- libpng decompression buffer overflow
2010-03-30 00:00:00
kaspersky
kaspersky
KLA10386 Multiple vulnerabilities in VMware
2010-09-23 00:00:00
f5
f5
K40284849 : Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
SOL40284849 - Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
mozilla
mozilla
Remote code execution using malformed PNG image â Mozilla
2010-07-20 00:00:00