CVE-2015-2336

CWE-3994 documents4 sources
Severity
5.8MEDIUM
EPSS
0.1%
top 74.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Vmware FusionVmware Horizon ClientVmware Horizon View Client+2 more
Timeline
PublishedJun 13
Latest updateMay 17

Description

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.

CVSS vector

AV:A/AC:L/C:P/I:P/A:PExploitability: 6.5 | Impact: 6.4

Affected Packages5 packages

NVDvmware/horizon_client3.2.0, 3.3+1
NVDvmware/horizon_view_client5.4, 5.4.1+1
NVDvmware/player8 versions+7
NVDvmware/workstation8 versions+7
NVDvmware/fusion8 versions+7

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-8p3f-5g82-5m35: TPView2022-05-17
CVEList
CVE-2015-2336: TPView2015-06-13

💥Exploits & PoCs

1
Exploit-DB
Wireshark - find_signature Stack Out-of-Bounds Read2015-12-16
CVE-2015-2336 (MEDIUM CVSS 5.8) | TPView.dll in VMware Workstation 10 | cvebase.io