Vulnerability Name: CVE-2012-1666 (CCN-78301)
Assigned: 2012-09-04
Published: 2012-09-04
Updated: 2012-09-10
Summary: Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'
CVSS v3 Severity:
  9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
  6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
  5.4 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
  5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: BUGTRAQ Type: UNKNOWN 20120904 VMWare Tools susceptible to binary planting by hijack
  Source: MITRE Type: CNA CVE-2012-1666
  Source: CCN Type: Packetstorm Security Website VMWare Tools Binary Planting
  Source: CCN Type: BID-55421 ThinPrint 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution Vulnerability
  Source: XF Type: UNKNOWN vmware-dll-code-exec(78301)
  Source: CCN Type: VMWare Web site VMWare
  Source: CONFIRM Type: UNKNOWN https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration CCN 1: Denotes that component is vulnerable