Executive Summary

Informations
Name CVE-2015-3650 First vendor Publication 2015-07-10
Vendor Cve Last vendor Modification 2016-12-28

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-284 Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 14
Application 9

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0147 - VMware Player Privilege Escalation Vulnerability
Severity : Category I - VMSKEY : V0061069
2015-07-16 IAVM : 2015-A-0146 - VMware Workstation Privilege Escalation Vulnerability
Severity : Category I - VMSKEY : V0061091
2015-06-18 IAVM : 2015-B-0076 - Multiple Vulnerabilities in VMware Horizon View Client
Severity : Category I - VMSKEY : V0060965

Nessus® Vulnerability Scanner

Date Description
2015-07-16 Name : The virtualization application installed on the remote host is affected by a ...
File : vmware_horizon_view_client_vmsa_2015_0005.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The virtualization application installed on the remote host is affected by a ...
File : vmware_player_priv_esc_vmsa_2015_0005.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The virtualization application installed on the remote host is affected by a ...
File : vmware_workstation_priv_esc_vmsa_2015_0005.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0005.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://www.vmware.com/security/advisories/VMSA-2015-0005.html
MISC https://www.nettitude.co.uk/vmware-multiple-products-privilege-escalation/
SECTRACK http://www.securitytracker.com/id/1032822
http://www.securitytracker.com/id/1032823

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2021-05-04 12:39:49
  • Multiple Updates
2021-04-22 01:48:45
  • Multiple Updates
2020-05-23 00:45:15
  • Multiple Updates
2016-12-28 09:22:07
  • Multiple Updates
2016-04-27 02:23:28
  • Multiple Updates
2015-10-18 17:24:48
  • Multiple Updates
2015-07-22 05:31:22
  • Multiple Updates
2015-07-18 13:29:17
  • Multiple Updates
2015-07-16 09:30:35
  • Multiple Updates
2015-07-13 21:27:54
  • Multiple Updates
2015-07-10 21:27:45
  • First insertion