| OSVDB ID | Disclosure Date | Title |
|
27418
Description:
VMware ESX Server, VMware GSX Server, VMware Player, VMware Server, and VMware Workstation utilize a flawed vmware-config.pl script that may lead to an unauthorized information disclosure. Under certain circumstances, the vmware-config.pl script may set weak file permissions on the SSL key used by VMware to encrypt console and management communications. If this key file is accessed by unauthorized users, it can be used to attack and decrypt the SSL communications of the affected VMware product, leading to a loss of confidentiality. This issue is not valid for VMware products running under the Windows operating system.
|
2006-07-18
|
VMware vmware-config.pl SSL Key File Permission Weakness
|
|
5475
Description:
VMware contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the installation process, which will disclose user names and license key information to other local users, resulting in a loss of confidentiality.
|
2001-07-30
|
VMware vmware-log.USERNAME Information Disclosure
|
|
80121
Description:
VMware vShield Manager contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for certain unspecified actions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2012-03-15
|
VMware vShield Manager Unspecified CSRF
|
|
80119
Description:
VMware vSphere Client contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input when viewing log entries. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-03-15
|
VMware vSphere Client Log Entry Unspecified XSS
|
|
33221
Description:
(Description Provided by CVE) : VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.
|
2007-02-03
|
VMware Workstation Clipboard Data Cross OS Disclosure
|
|
12169
Description:
VMware Workstation contains a flaw that may allow a malicious user to escalate privileges. The issue is triggered when VMware is installed with suid and format specifier characters are passed using the command line. It is possible that the flaw may facilitate privilege escalation resulting in a loss of confidentiality.
|
2004-11-29
|
VMware Workstation Format String Arbitrary Local Code Execution
|
|
13823
Description:
(Description Provided by CVE) : VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.
|
2005-02-14
|
VMware Workstation gdk-pixbuf Path Subversion Privilege Escalation
|
|
48051
Description:
(Description Provided by CVE) : hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.
|
2008-08-17
|
VMware Workstation hcmon.sys Crafted IOCTL Request Local DoS
|
|
56072
Description:
Unknown / Incomplete
|
2009-04-16
|
VMware Workstation I/O Port Request Virtualized Machine Local DoS
|
|
35509
Description:
(Description Provided by CVE) : VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."
|
2007-05-01
|
VMware Workstation Local Program Debugging Register Context Corruption
|
|
35507
Description:
(Description Provided by CVE) : The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
|
2007-05-01
|
VMware Workstation Memory Management GPF Local DoS
|
|
57836
Description:
(Description Provided by CVE) : The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.
|
2009-09-04
|
VMware Workstation Movie Decoder VMnc Codec (vmnc.dll) Crafted AVI File Handling Memory Corruption
|
|
57835
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).
|
2009-09-04
|
VMware Workstation Movie Decoder VMnc Codec (vmnc.dll) Crafted Video File Handling Overflow
|
|
48253
Description:
(Description Provided by CVE) : Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
|
2008-08-30
|
VMware Workstation OpenProcess Function Local Privilege Escalation
|
|
45244
Description:
(Description Provided by CVE) : VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.
|
2007-02-19
|
VMware Workstation Per-user Restriction Weakness Local Privilege Escalation
|
|
40088
Description:
(Description Provided by CVE) : The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.
|
2007-02-01
|
VMware Workstation PIIX4 Power Management Crafted Poke Local DoS
|
|
21011
Description:
(Description Provided by CVE) : Unquoted Windows search path vulnerability in VMware Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
|
2005-11-15
|
VMware Workstation Search Path Subversion Local Privilege Escalation
|
|
33222
Description:
(Description Provided by CVE) : VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
|
2007-02-03
|
VMware Workstation Shared Clipboard Unspecified Cross OS Information Disclosure
|
|
35505
Description:
(Description Provided by CVE) : Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
|
2007-04-27
|
VMware Workstation Shared Folders Feature Host System Arbitrary File Write
|
|
2222
Description:
VMware have posted a knowledge base article on 2003-06-27 that describes the workaround to protect a system against potential privilege escalation. It is at: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

>Date: 26 Jun 2003 22:08:25 -0000
>From: VMware
>Subject: VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation
>
>It is possible for a user to gain an escalation in privileges on a system
>running VMware Workstation 4.0 for Linux systems by symlink manipulation
>in a world-writable directory such as /tmp.
>
>Affected systems: VMware Workstation 4.0 for Linux systems
>
>Dates: This was reported to VMware on 2003-06-17 and VMware is posting this
>to Bugtraq on 2003-06-26.
>
>Resolutions:
>1. VMware has identified a workaround and a Knowledge Base article will be
>posted by noon Pacific Time on 2003-06-27 at the following url.
>
>http://www.vmware.com/kb
>
>2. VMware plans to release a patch that will resolve this problem
>shortly. VMware will announce details when available.
|
2003-06-27
|
VMware Workstation Symlink Privilege Escalation
|
|
63614
Description:
(Description Provided by CVE) : Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
|
2010-04-09
|
VMware Workstation vmnc.dll Hextile Encoded AVI Handling Heap-based Overflow
|
|
63615
Description:
(Description Provided by CVE) : vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
|
2010-04-09
|
VMware Workstation vmnc.dll Hextile Encoded AVI Handling Multiple Integer Truncation Overflow
|
|
71783
Description:
(Description Provided by CVE) : VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.
|
2011-03-29
|
VMware Workstation vmrun Unspecified Shared Library Local Privilege Escalation
|
|
35506
Description:
(Description Provided by CVE) : VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.
|
2007-05-07
|
VMware Workstation VMX Malformed Config Information Local DoS
|
|
35508
Description:
(Description Provided by CVE) : The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.
|
2007-05-01
|
VMware Workstation VMX State Transition Local DoS
|
|
40086
Description:
(Description Provided by CVE) : vstor-ws60.sys in VMware Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
|
2007-08-28
|
VMware Workstation vstor-ws60.sys FsSetVolumeInformation IOCTL Handler Local DoS
|
|
40087
Description:
(Description Provided by CVE) : Unspecified vulnerability in vstor2-ws60.sys in VMware Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-08-28
|
VMware Workstation vstor2-ws60.sys Unspecified Local DoS
|
|
59285
Description:
(Description Provided by CVE) : Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
|
2009-05-16
|
VNC Server in QEMU vnc.c Use-after-free Data Transfer Disconnection Arbitrary Code Execution
|
|
59287
Description:
(Description Provided by CVE) : Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
|
2009-06-28
|
VNC Server in QEMU vnc.c Use-after-free Fuzzy Screen Mode Protocol Arbitrary Code Execution
|
|
59286
Description:
(Description Provided by CVE) : Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
|
2009-06-12
|
VNC Server in QEMU vnc.c Use-after-free Invalid Message Data Type Arbitrary Code Execution
|