CVE-2013-3519

HIGH

Description

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

References

http://www.vmware.com/security/advisories/VMSA-2013-0014.html

Details

Source: MITRE

Published: 2013-12-04

Updated: 2014-03-03

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.9

Vector: (AV:A/AC:M/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 5.5

Severity: HIGH