CVE-2010-1139

Published: Apr 12, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

Affected (20)

Products: Vmware: Workstation, Player, Server, Fusion, Vix Api

5 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Vmware Workstation	Version 6.5.0
Vmware Workstation	Version 6.5.1
Vmware Workstation	Version 6.5.2
Vmware Workstation	Version 6.5.3

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Vmware Player	Version 2.5.1
Vmware Player	Version 2.5.2
Vmware Player	Version 2.5
Vmware Player	Version 2.5.3

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Server	Version 2.0.0
Vmware Server	Version 2.0.1
Vmware Server	Version 2.0.2

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Vmware Fusion	Version 2.0.1
Vmware Fusion	Version 2.0.2
Vmware Fusion	Version 2.0.3
Vmware Fusion	Version 2.0.4
Vmware Fusion	Version 2.0.5
Vmware Fusion	Version 2.0.6
Vmware Fusion	Version 2.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Vmware Vix Api	Version 1.6.0
Vmware Vix Api	Version 1.6.1

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (22)

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

Source: cve@mitre.org

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

Source: cve@mitre.org

PatchVendor Advisory

http://osvdb.org/63606

Source: cve@mitre.org

http://secunia.com/advisories/39201

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/39206

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/39215

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201209-25.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/39407

Source: cve@mitre.org

http://www.securitytracker.com/id?1023835

Source: cve@mitre.org

http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Source: cve@mitre.org

PatchVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://osvdb.org/63606

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39201

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/39206

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/39215

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201209-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/39407

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1023835

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.