CVE-2012-2450

high

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

References

http://osvdb.org/81695

http://secunia.com/advisories/49032

http://www.securityfocus.com/bid/53369

http://www.securitytracker.com/id?1027019

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/75377

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16852

Details

Source: MITRE

Published: 2012-05-04

Updated: 2017-12-14

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH