CVE-2010-3277 - OpenCVE

The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Player Workstation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workstation:7.0:::::::*
	cpe:2.3:a:vmware:workstation:7.0.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:vmware:player:3.0:::::::*
	cpe:2.3:a:vmware:player:3.0.1:::::::*
	cpe:2.3:a:vmware:player:3.1:::::::*
	cpe:2.3:a:vmware:player:3.1.1:::::::*

No data.

References

Link	Providers
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/41574
http://securitytracker.com/id?1024481
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/2491

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-28T17:00:00Z

Updated: 2024-09-17T03:49:11.046Z

Reserved: 2010-09-09T00:00:00Z

Link: CVE-2010-3277

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-09-28T18:00:03.293

Modified: 2010-09-29T04:00:00.000

Link: CVE-2010-3277

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-09-28T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "41574", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "ADV-2010-2491", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"name": "1024481", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024481"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3277", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"name": "1024481", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024481"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:03:18.872Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "41574", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "ADV-2010-2491", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"name": "1024481", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024481"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3277", "datePublished": "2010-09-28T17:00:00Z", "dateReserved": "2010-09-09T00:00:00Z", "dateUpdated": "2024-09-17T03:49:11.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file."}, {"lang": "es", "value": "El instalador en VMware Workstation v7.x anterior v7.1.2 build 301548 y VMware Player v3.x anterior v3.1.2 build 301548 lanza un fichero index.htm si se presenta en el directorio de instalaci\u00f3n, lo que puede permitir a usuarios locales provocar una interpretaci\u00f3n no prevista de c\u00f3digo web o HTML por la creaci\u00f3n de dicho archivo. \r\n\r\n"}], "id": "CVE-2010-3277", "lastModified": "2010-09-29T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-28T18:00:03.293", "references": [{"source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41574"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1024481"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2491"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}