CVE-2013-1406

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-1406
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.vmware.com/security/advisories/VMSA-2013-0002.html Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:vmware:fusion:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:5.0.1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:vmware:view:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.0.0:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0.0:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2013-02-11 22:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-1406

Mitre link : CVE-2013-1406

CVE.ORG link : CVE-2013-1406

JSON object : View

Products Affected

vmware

  • fusion
  • esx
  • workstation
  • esxi
  • view

microsoft

  • windows
CWE
CWE-20

Improper Input Validation