CVE-2012-2449

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.0CRITICAL

EPSS

2.0%

top 16.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX Vmware Esxi Vmware Fusion +2 more

Timeline

PublishedMay 4

Latest updateMay 17

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages5 packages

▶NVDvmware/esxi4 versions+3

▶NVDvmware/fusion6 versions+5

▶NVDvmware/player4.0, 4.0.1, 4.0.2+2

▶NVDvmware/workstation8.0, 8.0.1, 8.0.2+2

▶NVDvmware/esx3.5, 4.0, 4.1+2

🔴Vulnerability Details

GHSA

GHSA-5h58-q44m-q85g: VMware Workstation 8↗2022-05-17

▶

CVEList

CVE-2012-2449: VMware Workstation 8↗2012-05-04

▶