CVE-2010-1142
Summary
| CVE | CVE-2010-1142 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-04-12 18:30:00 UTC |
| Updated | 2013-05-15 03:07:00 UTC |
| Description | VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Application | Vmware | Ace | 2.5.0 | All | All | All |
| Application | Vmware | Ace | 2.5.1 | All | All | All |
| Application | Vmware | Ace | 2.5.2 | All | All | All |
| Application | Vmware | Ace | 2.5.3 | All | All | All |
| Application | Vmware | Ace | 2.5.0 | All | All | All |
| Application | Vmware | Ace | 2.5.1 | All | All | All |
| Application | Vmware | Ace | 2.5.2 | All | All | All |
| Application | Vmware | Ace | 2.5.3 | All | All | All |
| Application | Vmware | Esx | 2.5.5 | All | All | All |
| Application | Vmware | Esx | 3.0.3 | All | All | All |
| Application | Vmware | Esx | 3.5 | All | All | All |
| Application | Vmware | Esx | 4.0 | All | All | All |
| Application | Vmware | Esx | 2.5.5 | All | All | All |
| Application | Vmware | Esx | 3.0.3 | All | All | All |
| Application | Vmware | Esx | 3.5 | All | All | All |
| Application | Vmware | Esx | 4.0 | All | All | All |
| Application | Vmware | Esxi | 3.5 | All | All | All |
| Application | Vmware | Esxi | 4.0 | All | All | All |
| Application | Vmware | Esxi | 3.5 | All | All | All |
| Application | Vmware | Esxi | 4.0 | All | All | All |
| Application | Vmware | Fusion | 2.0 | All | All | All |
| Application | Vmware | Fusion | 2.0.1 | All | All | All |
| Application | Vmware | Fusion | 2.0.2 | All | All | All |
| Application | Vmware | Fusion | 2.0.3 | All | All | All |
| Application | Vmware | Fusion | 2.0.4 | All | All | All |
| Application | Vmware | Fusion | 2.0.5 | All | All | All |
| Application | Vmware | Fusion | 3.0 | All | All | All |
| Application | Vmware | Fusion | 2.0 | All | All | All |
| Application | Vmware | Fusion | 2.0.1 | All | All | All |
| Application | Vmware | Fusion | 2.0.2 | All | All | All |
| Application | Vmware | Fusion | 2.0.3 | All | All | All |
| Application | Vmware | Fusion | 2.0.4 | All | All | All |
| Application | Vmware | Fusion | 2.0.5 | All | All | All |
| Application | Vmware | Fusion | 3.0 | All | All | All |
| Application | Vmware | Player | 2.5 | All | All | All |
| Application | Vmware | Player | 2.5.1 | All | All | All |
| Application | Vmware | Player | 2.5.2 | All | All | All |
| Application | Vmware | Player | 2.5.3 | All | All | All |
| Application | Vmware | Player | 2.5 | All | All | All |
| Application | Vmware | Player | 2.5.1 | All | All | All |
| Application | Vmware | Player | 2.5.2 | All | All | All |
| Application | Vmware | Player | 2.5.3 | All | All | All |
| Application | Vmware | Server | 2.0.0 | All | All | All |
| Application | Vmware | Server | 2.0.1 | All | All | All |
| Application | Vmware | Server | 2.0.2 | All | All | All |
| Application | Vmware | Server | 2.0.0 | All | All | All |
| Application | Vmware | Server | 2.0.1 | All | All | All |
| Application | Vmware | Server | 2.0.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.1 | All | All | All |
| Application | Vmware | Workstation | 6.5.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.3 | All | All | All |
| Application | Vmware | Workstation | 6.5.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.1 | All | All | All |
| Application | Vmware | Workstation | 6.5.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMware Hosted Products VMware Tools Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| VMware Products Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Gentoo Linux Documentation -- VMware Player, Server, Workstation: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| [Security-announce] VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues | MLIST | lists.vmware.com | Patch, Vendor Advisory |
| SecurityTracker.com Archives - VMware Tools Executable/Library Loading/Unloading Flaws Let Users Execute Arbitrary Code | SECTRACK | www.securitytracker.com | |
| VMware Products VMware Tools Two Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | BUGTRAQ | archives.neohapsis.com | |
| SecurityTracker.com Archives - VMware ESX Server VMware Tools Executable/Library Loading/Unloading Flaws Let Users Execute Arbitrary Code | SECTRACK | www.securitytracker.com | |
| VMSA-2010-0007.1 | CONFIRM | www.vmware.com | Patch, Vendor Advisory |
| www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt | MISC | www.acrossecurity.com | |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | FULLDISC | archives.neohapsis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.