VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Microsoft
  • Windows
Vmware
  • Ace
  • Esx
  • Esxi
  • Fusion
  • Player
  • Server
  • Workstation

Configuration 1 [-]

AND
OR cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html cve-icon cve-icon
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html cve-icon cve-icon
http://lists.vmware.com/pipermail/security-announce/2010/000090.html cve-icon cve-icon
http://secunia.com/advisories/39198 cve-icon cve-icon
http://secunia.com/advisories/39206 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201209-25.xml cve-icon cve-icon
http://www.securitytracker.com/id?1023832 cve-icon cve-icon
http://www.securitytracker.com/id?1023833 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2010-0007.html cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T01:14:06.463Z

Reserved: 2010-03-29T00:00:00

Link: CVE-2010-1141

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2010-04-12T18:30:00.663

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1141

cve-icon Redhat

No data.