CVE-2010-1138

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-1138
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://lists.vmware.com/pipermail/security-announce/2010/000090.html Patch Vendor Advisory
http://osvdb.org/63607
http://secunia.com/advisories/39203 Vendor Advisory
http://secunia.com/advisories/39206 Vendor Advisory
http://secunia.com/advisories/39215 Vendor Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.securityfocus.com/bid/39395
http://www.securitytracker.com/id?1023836
http://www.vmware.com/security/advisories/VMSA-2010-0007.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-04-12 18:30

Updated : 2023-12-10 11:03

NVD link : CVE-2010-1138

Mitre link : CVE-2010-1138

CVE.ORG link : CVE-2010-1138

JSON object : View

Products Affected

vmware

  • player
  • fusion
  • server
  • ace
  • workstation

microsoft

  • windows
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor