CVE-2015-3650

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.2HIGH

EPSS

0.1%

top 67.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon View Client Vmware Player Vmware Workstation

Timeline

PublishedJul 10

Latest updateMay 17

Description

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDvmware/horizon_view_client5.4, 5.4.1+1

▶NVDvmware/player14 versions+13

▶NVDvmware/workstation9 versions+8

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3fp-4gq7-m24g: vmware-vmx↗2022-05-17

▶

CVEList

CVE-2015-3650: vmware-vmx↗2015-07-10

▶