| Vulnerability Name: | CVE-2010-3277 (CCN-62004) | ||||||||
| Assigned: | 2010-09-23 | ||||||||
| Published: | 2010-09-23 | ||||||||
| Updated: | 2010-09-29 | ||||||||
| Summary: | The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N) 1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-3277 Source: CCN Type: VMSA-2010-0014 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues Source: MLIST Type: UNKNOWN [security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues Source: CCN Type: SA41574 VMware Update for Workstation and Player Source: SECUNIA Type: Vendor Advisory 41574 Source: CCN Type: SECTRACK ID: 1024481 VMware Workstation and Player Installer Displays HTML File From Current Working Directory Source: SECTRACK Type: UNKNOWN 1024481 Source: CCN Type: OSVDB ID: 68273 VMware Multiple Products Installer index.htm File Rendering Local Script Manipulation Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2010-0014.html Source: VUPEN Type: Vendor Advisory ADV-2010-2491 Source: XF Type: UNKNOWN workstation-player-installers-info-disc(62004) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||