CVE-2012-1666

Severity

69%

Complexity

34%

Confidentiality

165%

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 12 years ago

2012-09-08 10:28:00

Last updated 12 years ago

2012-09-10 04:00:00

Affected Software

VMWare Workstation 8.0

8.0

Vmware Workstation 8.0.0.18997

8.0.0.18997

VMWare Workstation 8.0.1

8.0.1

Vmware Workstation 8.0.1.27038

8.0.1.27038

VMWare Workstation 8.0.2

8.0.2

VMWare VMWare

VMware Player 4.0

4.0

Vmware Player 4.0.0.18997

4.0.0.18997

VMware Player 4.0.1

4.0.1

VMware Player 4.0.2

4.0.2

VMWare Player

VMware Fusion 4.0

4.0

VMware Fusion 4.0.1

4.0.1

VMware Fusion 4.0.2

4.0.2

VMware Fusion 4.1

4.1

VMware Fusion

VMware View 4.6.0

4.6.0

VMWare ESX 4.1

4.1

VMWare ESX 5.0

5.0

References

20120904 VMWare Tools susceptible to binary planting by hijack

https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.