CVE-2012-5458 - OpenCVE

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Vmware	Player Workstation

Configuration 1 [-]

AND

OR	cpe:2.3:a:vmware:player:4.0:::::::*
	cpe:2.3:a:vmware:player:4.0.0.18997:::::::*
	cpe:2.3:a:vmware:player:4.0.1:::::::*
	cpe:2.3:a:vmware:player:4.0.2:::::::*
	cpe:2.3:a:vmware:player:4.0.3:::::::*
	cpe:2.3:a:vmware:player:4.0.4:::::::*
	cpe:2.3:a:vmware:workstation:8.0:::::::*
	cpe:2.3:a:vmware:workstation:8.0.0.18997:::::::*
	cpe:2.3:a:vmware:workstation:8.0.1:::::::*
	cpe:2.3:a:vmware:workstation:8.0.1.27038:::::::*
	cpe:2.3:a:vmware:workstation:8.0.2:::::::*
	cpe:2.3:a:vmware:workstation:8.0.3:::::::*
	cpe:2.3:a:vmware:workstation:8.0.4:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/87118
http://www.securityfocus.com/bid/56469
http://www.vmware.com/security/advisories/VMSA-2012-0015.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79924

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-11-14T11:00:00

Updated: 2024-08-06T21:05:47.237Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5458

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-11-14T12:30:59.757

Modified: 2017-08-29T01:32:41.027

Link: CVE-2012-5458

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "workstation-player-priv-esc(79924)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"}, {"name": "87118", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/87118"}, {"name": "56469", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56469"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "workstation-player-priv-esc(79924)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"}, {"name": "87118", "refsource": "OSVDB", "url": "http://osvdb.org/87118"}, {"name": "56469", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56469"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.237Z"}, "title": "CVE Program Container", "references": [{"name": "workstation-player-priv-esc(79924)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"}, {"name": "87118", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/87118"}, {"name": "56469", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56469"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5458", "datePublished": "2012-11-14T11:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.237Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "535E3D3C-76A5-405A-8F9D-21A86ED31D07", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*", "matchCriteriaId": "81AFBBE6-0B3B-44DB-BBEB-08C8B2C39038", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D09D7FB-78EE-4168-996D-FD3CF2E187BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "816F1646-A1C9-4E4A-BCE1-A34D00B51ABE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D5FD2D7-9928-437B-8988-4FC955DE4F84", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2932689-76D4-4907-9CF9-AD8F6B801579", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCE22BB0-F375-4883-BF6C-5A6369694EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*", "matchCriteriaId": "01483038-BC89-44BA-B07B-362FC5D7E8C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD913295-9302-425A-A9E1-B0DF76AD3069", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*", "matchCriteriaId": "B671AC17-7064-4541-ADB3-FCD72109C766", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51B6CAE2-A396-40C8-8FF0-D9EC64D5C9A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "21644868-F1B0-4A8E-BE73-4F42BEB8E834", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4944D9B1-A48B-4F32-951E-BEC3FEAC45FE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."}, {"lang": "es", "value": "VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos d\u00e9biles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a trav\u00e9s de una aplicaci\u00f3n dise\u00f1ada."}], "id": "CVE-2012-5458", "lastModified": "2017-08-29T01:32:41.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-14T12:30:59.757", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/87118"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56469"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}