CVE-2013-3519

CWE-2643 documents3 sources

Severity

7.9HIGH

EPSS

0.2%

top 61.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX Vmware Esxi Vmware Fusion +2 more

Timeline

PublishedDec 4

Latest updateMay 17

Description

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages5 packages

▶NVDvmware/esxi4 versions+3

▶NVDvmware/fusion4 versions+3

▶NVDvmware/player5.0, 5.0.1, 5.0.2+2

▶NVDvmware/workstation9.0, 9.0.1, 9.0.2+2

▶NVDvmware/esx4.0, 4.1+1

🔴Vulnerability Details

GHSA

GHSA-8xv9-xcpm-7f4g: lgtosync↗2022-05-17

▶

CVEList

CVE-2013-3519: lgtosync↗2013-12-04

▶