1. CVE-Search
  2. CVE-2012-5459
ID CVE-2012-5459
Summary Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 7.9 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:A/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 56470
confirm http://www.vmware.com/security/advisories/VMSA-2012-0015.html
osvdb 87119
xf workstation-dll-code-exec(79923)
Last major update 29-08-2017 - 01:32
Published 14-11-2012 - 12:30
Last modified 29-08-2017 - 01:32
Back to Top