Vulnerability Name:

CVE-2010-1140 (CCN-57665)

Assigned: 2010-04-09
Published: 2010-04-09
Updated: 2013-05-15
Summary: The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: BUGTRAQ
Type: UNKNOWN
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: FULLDISC
Type: UNKNOWN
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: MITRE
Type: CNA
CVE-2010-1140

Source: CCN
Type: VMSA-2010-0007
VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: MLIST
Type: Patch, Vendor Advisory
[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: CCN
Type: SA39206
VMware Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
39206

Source: GENTOO
Type: UNKNOWN
GLSA-201209-25

Source: CCN
Type: SECTRACK ID: 1023834
VMware Workstation and Player USB Service Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1023834

Source: CCN
Type: OSVDB ID: 63860
VMWare Multiple Products USB Service Host Privilege Escalation

Source: CCN
Type: BID-39345
RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities

Source: BID
Type: UNKNOWN
39397

Source: CCN
Type: BID-39397
VMware Hosted Products USB Service Local Privilege Escalation Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Source: XF
Type: UNKNOWN
workstation-usb-privilege-escalation(57665)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:vmware:workstation:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:vmware:player:3.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:vmware:workstation:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:3.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    vmware workstation 7.0
    microsoft windows *
    vmware player 3.0
    microsoft windows *
    vmware workstation 7.0
    vmware player 3.0