CVE-2012-1518

high

Description

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.

References

http://osvdb.org/81163

http://secunia.com/advisories/48782

http://www.securityfocus.com/bid/53006

http://www.securitytracker.com/id?1026922

http://www.securitytracker.com/id?1026923

http://www.vmware.com/security/advisories/VMSA-2012-0007.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16745

Details

Source: MITRE

Published: 2012-04-17

Updated: 2017-12-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 8.3

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.5

Severity: HIGH