CVE-2012-5459
high
CVSS v3: —
CVSS v2: 7.9
VIR risk: 7.9
Description
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.vmware.com/security/advisories/VMSA-2012-0015.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| vmware | player | 4.0 | |
| vmware | player | 4.0.0.18997 | |
| vmware | player | 4.0.1 | |
| vmware | player | 4.0.2 | |
| vmware | player | 4.0.3 | |
| vmware | player | 4.0.4 | |
| vmware | workstation | 8.0 | |
| vmware | workstation | 8.0.0.18997 | |
| vmware | workstation | 8.0.1 | |
| vmware | workstation | 8.0.1.27038 | |
| vmware | workstation | 8.0.2 | |
| vmware | workstation | 8.0.3 | |
| vmware | workstation | 8.0.4 | |
References
- http://osvdb.org/87119
- http://www.securityfocus.com/bid/56470
- http://www.vmware.com/security/advisories/VMSA-2012-0015.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79923