CVE-2014-4199

Published: Aug 28, 2014Modified: May 6, 2026

6.3

Vector

AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability: 3.4 / Impact: 9.2

Source: NVD

Description

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

Affected (6)

Products: Vmware: Tools, Vm Support, Workstation

3 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Vmware Tools	All versions
Vmware Vm Support	Version 0.88
Vmware Workstation	Up to 10.0.3
Vmware Workstation	Version 10.0.1
Vmware Workstation	Version 10.0.2
Vmware Workstation	Version 10.0

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (8)

http://seclists.org/fulldisclosure/2014/Aug/71

Source: cve@mitre.org

Exploit

http://www.osvdb.org/110458

Source: cve@mitre.org

http://www.securitytracker.com/id/1030758

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/95493

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/Aug/71

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.osvdb.org/110458

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030758

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/95493

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.