Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1666

4 documents4 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 58.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Vmware FusionVmware PlayerVmware View+2 more
Timeline
PublishedSep 8
Latest updateMay 17

Description

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages5 packages

NVDvmware/view5.0+1
NVDvmware/fusion4.1.1+4
NVDvmware/player4.0.3+4
NVDvmware/workstation8.0.3+5
NVDvmware/esx4.1, 5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-w89w-68w2-pjg9: Untrusted search path vulnerability in VMware Tools in VMware Workstation before 82022-05-17
CVEList
CVE-2012-1666: Untrusted search path vulnerability in VMware Tools in VMware Workstation before 82012-09-08

💥Exploits & PoCs

1
Exploit-DB
ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution2012-09-04
CVE-2012-1666 (MEDIUM CVSS 6.9) | Untrusted search path vulnerability | cvebase.io