CVE-2010-1139 Information
Description
Format string vulnerability in vmrun in VMware VIX API 1.6.x VMware Workstation 6.5.x before 6.5.4 build 246459 VMware Player 2.5.x before 2.5.4 build 246459 and VMware Server 2.x on Linux and VMware Fusion 2.x before 2.0.7 build 246742 allows local users to gain privileges via format string specifiers in process metadata.
Reference
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://osvdb.org/63606 http://secunia.com/advisories/39201 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39407 http://www.securitytracker.com/id?1023835 http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Share on: