VMware Workstation/Player 4.0.4/8.0.4 Library untrusted search path
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.9 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in VMware Workstation and Player 4.0.4/8.0.4. The impacted element is an unknown function of the component Library Handler. Performing a manipulation results in untrusted search path. This vulnerability is known as CVE-2012-5459. Furthermore, an exploit is available. It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in VMware Workstation and Player 4.0.4/8.0.4 (Virtualization Software). This affects some unknown processing of the component Library Handler. The manipulation with an unknown input leads to a untrusted search path vulnerability. CWE is classifying the issue as CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. This is going to have an impact on confidentiality, and integrity. The summary by CVE is:
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."
The weakness was published 11/08/2012 by Derek Soeder with eEye as VMSA-2012-0015 as confirmed posting (Website). It is possible to read the advisory at vmware.com. The public release has been coordinated with VMware. This vulnerability is uniquely identified as CVE-2012-5459 since 10/24/2012. Attacking locally is a requirement. Required for exploitation is a authentication. Technical details are unknown but a private exploit is available. The attack technique deployed by this issue is T1574 according to MITRE ATT&CK.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 63076 (VMware Player 4.x < 4.0.5 Multiple Vulnerabilities (VMSA-2012-0015)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows.
Upgrading to version 8.0.5 or 4.0.5 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (79923), Tenable (63076), SecurityFocus (BID 56470†), OSVDB (87119†) and Secunia (SA51237†). Similar entries are available at VDB-6913 and VDB-6914. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.4VulDB Meta Temp Score: 3.9
VulDB Base Score: 4.4
VulDB Temp Score: 3.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Untrusted search pathCWE: CWE-426
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 63076
Nessus Name: VMware Player 4.x < 4.0.5 Multiple Vulnerabilities (VMSA-2012-0015)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Workstation/Player 8.0.5/4.0.5
Timeline
10/24/2012 🔍11/08/2012 🔍
11/08/2012 🔍
11/08/2012 🔍
11/09/2012 🔍
11/09/2012 🔍
11/09/2012 🔍
11/09/2012 🔍
11/12/2012 🔍
11/14/2012 🔍
11/18/2012 🔍
04/19/2021 🔍
Sources
Vendor: vmware.comAdvisory: VMSA-2012-0015
Researcher: Derek Soeder
Organization: eEye
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2012-5459 (🔍)
GCVE (CVE): GCVE-0-2012-5459
GCVE (VulDB): GCVE-100-6915
IAVM: 🔍
X-Force: 79923 - VMware Workstation and Player DLL code execution, High Risk
SecurityFocus: 56470 - VMware Player and Workstation Insecure Library Loading Arbitrary Code Execution Vulnerability
Secunia: 51237 - VMware Workstation / Player Multiple Vulnerabilities, Moderately Critical
OSVDB: 87119
SecurityTracker: 1027742 - VMware Workstation and Player Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Vulnerability Center: 37284 - VMware Workstation and Player Local Privilege Escalation via a Trojan Horse DLL, High
scip Labs: https://www.scip.ch/en/?labs.20060413
See also: 🔍
Entry
Created: 11/12/2012 09:52Updated: 04/19/2021 09:09
Changes: 11/12/2012 09:52 (92), 04/21/2017 13:18 (1), 04/19/2021 09:09 (3)
Complete: 🔍
Committer: olku
Cache ID: 216:232:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.