ID CVE-2015-2337
Summary TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:10.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:10.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_view_client:5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_view_client:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_view_client:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_view_client:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 31-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:A/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 75095
confirm http://www.vmware.com/security/advisories/VMSA-2015-0004.html
sectrack
  • 1032529
  • 1032530
Last major update 31-12-2016 - 02:59
Published 13-06-2015 - 14:59
Last modified 31-12-2016 - 02:59
Back to Top