CVE-2014-1209

Published: Apr 11, 2014Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.

Affected (4)

Products: Vmware: Vsphere Client

Vmware

1 product

Vsphere Client

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Vmware Vsphere Client	Version 4.0
Vmware Vsphere Client	Version 4.1
Vmware Vsphere Client	Version 5.0
Vmware Vsphere Client	Version 5.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.vmware.com/security/advisories/VMSA-2014-0003.html

Source: cve@mitre.org

Vendor Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.