CVE-2009-2267

Severity

69%

Complexity

34%

Confidentiality

165%

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-11-02 15:30:00

Last updated 6 years ago

2018-10-10 19:39:00

Affected Software

VMware Player 2.5

2.5

VMware Player 2.5.1

2.5.1

VMware Player 2.5.2

2.5.2

VMWare VMware Server 1.0

1.0

VMWare Server 1.0.1

1.0.1

VMWare Server 1.0.2

1.0.2

VMWare Server 1.0.3

1.0.3

VMWare Server 1.0.4

1.0.4

VMWare Server 1.0.5

1.0.5

VMWare Server 1.0.6

1.0.6

VMWare Server 1.0.7

1.0.7

VMWare Server 1.0.8

1.0.8

VMWare Server 1.0.9

1.0.9

VMware Server 2.0.1

2.0.1

VMware Workstation 6.5.0

6.5.0

VMWare Workstation 6.5.1

6.5.1

VMWare Workstation 6.5.2

6.5.2

References

[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues

Vendor Advisory

37172

Vendor Advisory

GLSA-201209-25

1023082

1023083

20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues

20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation

36841

Exploit

http://www.vmware.com/security/advisories/VMSA-2009-0015.html

Patch, Vendor Advisory

ADV-2009-3062

Vendor Advisory

oval:org.mitre.oval:def:8473

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.