1. CVE-Search
  2. CVE-2012-4897
ID CVE-2012-4897
Summary Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:movie_decoder:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:movie_decoder:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:movie_decoder:6.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:movie_decoder:6.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:movie_decoder:6.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:movie_decoder:6.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:movie_decoder:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:movie_decoder:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:movie_decoder:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:movie_decoder:7.1.2:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 55802
bugtraq 20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
confirm http://www.vmware.com/security/advisories/VMSA-2012-0014.html
osvdb 85957
xf vmware-movie-code-execution(79046)
Last major update 29-08-2017 - 01:32
Published 05-10-2012 - 17:55
Last modified 29-08-2017 - 01:32
Back to Top