Executive Summary
| Summary | |
|---|---|
| Title | VMware hosted products address remote code execution vulnerability |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2011-0011 | First vendor Publication | 2011-10-04 |
| Vendor | VMware | Last vendor Modification | 2011-10-04 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. UDF file system import remote code execution A buffer overflow vulnerability is present in the way UDF file systems are handled. This issue could allow for code execution if a user installs from a malicious ISO image that was specially crafted by an attacker. VMware would like to thank an anonymous contributor working with the SecuriTeam Secure Disclosure program for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name 3868.11-3868 to the issue. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2011-0011.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl |
| 2011-11-17 | Name : VMware Fusion UDF File Systems Buffer Overflow Vulnerability (Mac OS X) File : nvt/secpod_vmware_fusion_udf_filesys_bof_vuln_macosx.nasl |
| 2011-11-17 | Name : VMware Products UDF File Systems Buffer Overflow Vulnerability (Linux) File : nvt/secpod_vmware_prdts_udf_filesys_bof_vuln_lin.nasl |
| 2011-11-17 | Name : VMware Products UDF File Systems Buffer Overflow Vulnerability (Win) File : nvt/secpod_vmware_prdts_udf_filesys_bof_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 76060 | VMware Multiple Product UDF Filesystem ISO Image Handling Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-10-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO |
| 2011-06-06 | Name : The remote host has a virtualization application affected by multiple vulnera... File : macosx_fusion_3_1_3.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:07:20 |
|
| 2013-12-14 21:19:32 |
|
