Vulnerability Details : CVE-2010-4296
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
Exploit prediction scoring system (EPSS) score for CVE-2010-4296
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 %
CVSS scores for CVE-2010-4296
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2010-4296
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4296
- http://lists.vmware.com/pipermail/security-announce/2010/000112.html
  [Security-announce] VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (Mailing List; Vendor Advisory)
- http://www.securitytracker.com/id?1024819
  VMware Movie Decoder Heap Overflow in Decompression Routine Lets Remote Users Execute Arbitrary Code - SecurityTracker (Broken Link; Third Party Advisory; VDB Entry)
- http://www.vmware.com/security/advisories/VMSA-2010-0018.html
  VMSA-2010-0018 (Vendor Advisory)
- http://www.securitytracker.com/id?1024820
  VMware Race Conditions and Input Validation Flaw Let Local Users on the Host Operating System Gain Elevated Privileges - SecurityTracker (Broken Link; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/45168
  Multiple VMware products 'vmware-mount' Local Privilege Escalation Vulnerability (Broken Link; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/514995/100/0/threaded
  SecurityFocus (Broken Link; Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2010/3116
  Webmail | OVH- OVH (Broken Link; Third Party Advisory)
Products affected by CVE-2010-4296
- cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*