CVE-2012-2449

high

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16863

https://exchange.xforce.ibmcloud.com/vulnerabilities/75376

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

http://www.securitytracker.com/id?1027019

http://www.securityfocus.com/bid/53369

http://secunia.com/advisories/49032

http://osvdb.org/81694

Details

Source: Mitre, NVD

Published: 2012-05-04

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.02408