CVE-2010-4297

Published: Dec 6, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.

Affected (37)

Products: Vmware: Workstation, Player, Fusion, Esxi, Esx

5 products

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Vmware Workstation	Version 6.5.0
Vmware Workstation	Version 6.5.1
Vmware Workstation	Version 6.5.2
Vmware Workstation	Version 6.5.3
Vmware Workstation	Version 6.5.5
Vmware Workstation	Version 7.0.1
Vmware Workstation	Version 7.0
Vmware Workstation	Version 7.1.1
Vmware Workstation	Version 7.1.2
Vmware Workstation	Version 7.1

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Vmware Player	Version 2.5.1
Vmware Player	Version 2.5.2
Vmware Player	Version 2.5.3
Vmware Player	Version 2.5.4
Vmware Player	Version 2.5.5
Vmware Player	Version 2.5
Vmware Player	Version 3.1.1
Vmware Player	Version 3.1.2
Vmware Player	Version 3.1

Configuration C

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Fusion	Version 2.0.1
Vmware Fusion	Version 2.0.2
Vmware Fusion	Version 2.0.3
Vmware Fusion	Version 2.0.4
Vmware Fusion	Version 2.0.5
Vmware Fusion	Version 2.0.6
Vmware Fusion	Version 2.0.7
Vmware Fusion	Version 2.0.8
Vmware Fusion	Version 2.0
Vmware Fusion	Version 3.1.1
Vmware Fusion	Version 3.1.2
Vmware Fusion	Version 3.1

Running on/with	Platform Versions
Vmware Server	Version 2.0.2

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Vmware Esxi	Version 3.5
Vmware Esxi	Version 4.0
Vmware Esxi	Version 4.1

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 3.5
Vmware Esx	Version 4.0
Vmware Esx	Version 4.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://lists.vmware.com/pipermail/security-announce/2010/000112.html

Source: cve@mitre.org

http://osvdb.org/69590

Source: cve@mitre.org

http://secunia.com/advisories/42480

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42482

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/514995/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/45166

Source: cve@mitre.org

http://www.securitytracker.com/id?1024819

Source: cve@mitre.org

http://www.securitytracker.com/id?1024820

Source: cve@mitre.org

http://www.vmware.com/security/advisories/VMSA-2010-0018.html

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3116

Source: cve@mitre.org

Vendor Advisory

http://lists.vmware.com/pipermail/security-announce/2010/000112.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/69590

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42480

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42482

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/514995/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45166

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1024819

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1024820

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2010-0018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3116

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.