Vulnerability Details : CVE-2010-3277
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
Exploit prediction scoring system (EPSS) score for CVE-2010-3277
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3277
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2010-3277
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3277
-
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
[Security-announce] VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues
-
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
VMSA-2010-0014.1Vendor Advisory
-
http://securitytracker.com/id?1024481
VMware Workstation and Player Installer Displays HTML File From Current Working Directory - SecurityTracker
-
http://www.vupen.com/english/advisories/2010/2491
Webmail | OVH- OVHVendor Advisory
Products affected by CVE-2010-3277
- cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*