[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2450Date: (C)2012-05-04   (M)2023-12-22


VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1027019
SECUNIA-49032
BID-53369
OSVDB-81695
IAVM:2012-A-0071
IAVM:2012-A-0072
IAVM:2012-A-0073
IAVM:2012-A-0075
esxserver-scsi-priv-esc(75377)
http://www.vmware.com/security/advisories/VMSA-2012-0009.html
oval:org.mitre.oval:def:16852

CPE    28
cpe:/a:vmware:player:4.0.2
cpe:/a:vmware:player:4.0.1
cpe:/a:vmware:player:4.0
cpe:/o:vmware:esx:3.5:update2
...
OVAL    1
oval:org.secpod.oval:def:36432

© SecPod Technologies