CVE-2012-2449

high

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

References

http://osvdb.org/81694

http://secunia.com/advisories/49032

http://www.securityfocus.com/bid/53369

http://www.securitytracker.com/id?1027019

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/75376

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16863

Details

Source: MITRE

Published: 2012-05-04

Updated: 2017-12-14

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH