cve-2010-4297
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:43
Severity ?
EPSS score ?
Summary
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45166"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42480"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a \"command injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45166"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42480"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a \"command injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69590",
"refsource": "OSVDB",
"url": "http://osvdb.org/69590"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45166"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42480"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4297",
"datePublished": "2010-12-06T21:00:00",
"dateReserved": "2010-11-18T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-4297\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-12-06T21:05:49.483\",\"lastModified\":\"2018-10-10T20:08:03.600\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a \\\"command injection\\\" issue.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad actualizar de VMware Tools en VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548; VMware Player 2.5.x anteriores a la 2.5.5 build 328052 y 3.1.x anteriores a la 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x anteriores a la 2.0.8 build 328035 y 3.1.x anteriores a la 3.1.2 build 332101; VMware ESXi 3.5, 4.0, y 4.1; y VMware ESX 3.0.3, 3.5, 4.0, y 4.1 permite a los usuarios del SO base escalar privilegios en el SO invitado a trav\u00e9s de vectores sin especificar. Relacionado con inyecciones de comandos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.2},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3E658DA-56E8-49F0-B486-4EF622B63627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A172221-19AB-4F7D-AA28-94AD5A6EFBF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB33DBC9-3B63-457E-A353-B9E7378211AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A31E93-7671-492E-A78F-89CF4703B04D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99ADA116-A571-4788-8DF2-09E8A2AF92F4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE944A70-CB9C-4712-9802-509531396A02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"656039E8-8082-4208-B046-518D95769B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80003D5E-B63F-4635-94ED-706375A4F86F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C158CD97-41BA-4422-9A55-B1A8650A0900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477D5F22-7DDD-461D-9CD1-2B2A968F6CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C174C452-7249-4B26-9F26-DFE9B3476874\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E18541B-36B6-40A7-9749-FA47A10379C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EBD95F-3DF7-49F3-A7AA-47085E0B7C88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DA47C9-3D1A-49A7-8976-AE05D6730673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"692CC131-5C6C-4AD6-B85C-07DF21168BC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617EFBFF-D047-4A0B-ACB6-83B27710F6F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D0DF91-17E8-45D4-B625-737FE50C23CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C47EB8-8844-4D49-9246-008F7AE45C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C27806A-7AC9-4B7A-97EA-602FDB1C96CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90CA88D9-52D8-4365-9DEB-7FB36A6A86A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"051D820C-E5F4-4DA2-8914-5A33FCFF2D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69FFA61C-2258-4006-AECA-D324F5700990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50D2840A-5AF2-4AC4-9243-07CE93E9E9B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E565F23-AEEE-41A4-80EC-01961AD5560E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BDAA7C8-8F2F-4037-A517-2C1EDB70B203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C9E205-87EE-4CE2-A252-DED7BB6D4EAE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE5ECA1B-7415-4390-8018-670F2C3CDF35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"889DE9BE-886F-4BEF-A794-5B5DE73D2322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF\"}]}]}],\"references\":[{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000112.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/69590\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42480\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42482\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514995/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/45166\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024819\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024820\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3116\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.