exploitDog

GHSA-3jcj-m65j-r72c

Опубликовано: 02 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

Ссылки

EPSS

Процентиль: 23%

0.00075

Низкий

CVE ID

Дефекты

CWE-134

Связанные уязвимости

CVE-2010-1139

nvd

почти 16 лет назад

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

EPSS

Процентиль: 23%

0.00075

Низкий

CVE ID

Дефекты

CWE-134