cvelistv5 - cve-2012-5458

CVE-2012-5458 (GCVE-0-2012-5458)

Vulnerability from cvelistv5 – Published: 2012-11-14 11:00 – Updated: 2024-08-06 21:05

Summary

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/87118	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/56469	vdb-entryx_refsource_BID
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "workstation-player-priv-esc(79924)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
          },
          {
            "name": "87118",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/87118"
          },
          {
            "name": "56469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "workstation-player-priv-esc(79924)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
        },
        {
          "name": "87118",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/87118"
        },
        {
          "name": "56469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "workstation-player-priv-esc(79924)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
            },
            {
              "name": "87118",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/87118"
            },
            {
              "name": "56469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56469"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5458",
    "datePublished": "2012-11-14T11:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"535E3D3C-76A5-405A-8F9D-21A86ED31D07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81AFBBE6-0B3B-44DB-BBEB-08C8B2C39038\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D09D7FB-78EE-4168-996D-FD3CF2E187BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"816F1646-A1C9-4E4A-BCE1-A34D00B51ABE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5FD2D7-9928-437B-8988-4FC955DE4F84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2932689-76D4-4907-9CF9-AD8F6B801579\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCE22BB0-F375-4883-BF6C-5A6369694EF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01483038-BC89-44BA-B07B-362FC5D7E8C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD913295-9302-425A-A9E1-B0DF76AD3069\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B671AC17-7064-4541-ADB3-FCD72109C766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51B6CAE2-A396-40C8-8FF0-D9EC64D5C9A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21644868-F1B0-4A8E-BE73-4F42BEB8E834\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4944D9B1-A48B-4F32-951E-BEC3FEAC45FE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.\"}, {\"lang\": \"es\", \"value\": \"VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos d\\u00e9biles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a trav\\u00e9s de una aplicaci\\u00f3n dise\\u00f1ada.\"}]",
      "id": "CVE-2012-5458",
      "lastModified": "2024-11-21T01:44:42.190",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 8.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.5, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-11-14T12:30:59.757",
      "references": "[{\"url\": \"http://osvdb.org/87118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/56469\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2012-0015.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/79924\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/87118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/56469\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2012-0015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/79924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-5458\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-11-14T12:30:59.757\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.\"},{\"lang\":\"es\",\"value\":\"VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos d\u00e9biles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a trav\u00e9s de una aplicaci\u00f3n dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"535E3D3C-76A5-405A-8F9D-21A86ED31D07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81AFBBE6-0B3B-44DB-BBEB-08C8B2C39038\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D09D7FB-78EE-4168-996D-FD3CF2E187BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"816F1646-A1C9-4E4A-BCE1-A34D00B51ABE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5FD2D7-9928-437B-8988-4FC955DE4F84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2932689-76D4-4907-9CF9-AD8F6B801579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCE22BB0-F375-4883-BF6C-5A6369694EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01483038-BC89-44BA-B07B-362FC5D7E8C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD913295-9302-425A-A9E1-B0DF76AD3069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B671AC17-7064-4541-ADB3-FCD72109C766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51B6CAE2-A396-40C8-8FF0-D9EC64D5C9A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21644868-F1B0-4A8E-BE73-4F42BEB8E834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4944D9B1-A48B-4F32-951E-BEC3FEAC45FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/87118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/56469\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2012-0015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/79924\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/87118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/56469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2012-0015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/79924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2012-5458

Vulnerability from fkie_nvd - Published: 2012-11-14 12:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/87118
cve@mitre.org	http://www.securityfocus.com/bid/56469
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2012-0015.html	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/79924
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/87118
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56469
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2012-0015.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/79924

Impacted products

Vendor	Product	Version
vmware	player	4.0
vmware	player	4.0.0.18997
vmware	player	4.0.1
vmware	player	4.0.2
vmware	player	4.0.3
vmware	player	4.0.4
vmware	workstation	8.0
vmware	workstation	8.0.0.18997
vmware	workstation	8.0.1
vmware	workstation	8.0.1.27038
vmware	workstation	8.0.2
vmware	workstation	8.0.3
vmware	workstation	8.0.4
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "535E3D3C-76A5-405A-8F9D-21A86ED31D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*",
              "matchCriteriaId": "81AFBBE6-0B3B-44DB-BBEB-08C8B2C39038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D09D7FB-78EE-4168-996D-FD3CF2E187BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "816F1646-A1C9-4E4A-BCE1-A34D00B51ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5FD2D7-9928-437B-8988-4FC955DE4F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2932689-76D4-4907-9CF9-AD8F6B801579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE22BB0-F375-4883-BF6C-5A6369694EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*",
              "matchCriteriaId": "01483038-BC89-44BA-B07B-362FC5D7E8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD913295-9302-425A-A9E1-B0DF76AD3069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*",
              "matchCriteriaId": "B671AC17-7064-4541-ADB3-FCD72109C766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51B6CAE2-A396-40C8-8FF0-D9EC64D5C9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "21644868-F1B0-4A8E-BE73-4F42BEB8E834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4944D9B1-A48B-4F32-951E-BEC3FEAC45FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
    },
    {
      "lang": "es",
      "value": "VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos d\u00e9biles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a trav\u00e9s de una aplicaci\u00f3n dise\u00f1ada."
    }
  ],
  "id": "CVE-2012-5458",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-14T12:30:59.757",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/87118"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/56469"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/87118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2012-AVI-642

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans VMware Workstation et Player. La plus critique permet à un attaquant de modifier les permissions d'un fil d'exécution (thread) pour provoquer une élévation de privilèges. Une autre vulnérabilité permet à un attaquant d'exécuter du code arbitraire au moyen de fichiers .OVF spécialement conçus.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Player versions antérieures à 4.0.5 pour Windows
VMware	N/A	VMware Workstation versions antérieures à 8.0.5 pour Windows
VMware	N/A	VMware OVF Tool versions antérieures à 3.0.1 pour Windows

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 08 novembre 2012	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0015 du 08 novembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Player versions ant\u00e9rieures \u00e0 4.0.5 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation versions ant\u00e9rieures \u00e0 8.0.5 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware OVF Tool versions ant\u00e9rieures \u00e0 3.0.1 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5458"
    },
    {
      "name": "CVE-2012-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3569"
    },
    {
      "name": "CVE-2012-5459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5459"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0015 du 08 novembre    2012 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
    }
  ],
  "reference": "CERTA-2012-AVI-642",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware Workstation et Player\u003c/span\u003e. La plus critique\npermet \u00e0 un attaquant de modifier les permissions d\u0027un fil d\u0027ex\u00e9cution\n(thread) pour provoquer une \u00e9l\u00e9vation de privil\u00e8ges. Une autre\nvuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire au\nmoyen de fichiers \u003cspan class=\"textit\"\u003e.OVF\u003c/span\u003e sp\u00e9cialement con\u00e7us.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Workstation et Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 08 novembre 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-642

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Player versions antérieures à 4.0.5 pour Windows
VMware	N/A	VMware Workstation versions antérieures à 8.0.5 pour Windows
VMware	N/A	VMware OVF Tool versions antérieures à 3.0.1 pour Windows

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 08 novembre 2012	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0015 du 08 novembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Player versions ant\u00e9rieures \u00e0 4.0.5 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation versions ant\u00e9rieures \u00e0 8.0.5 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware OVF Tool versions ant\u00e9rieures \u00e0 3.0.1 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5458"
    },
    {
      "name": "CVE-2012-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3569"
    },
    {
      "name": "CVE-2012-5459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5459"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0015 du 08 novembre    2012 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
    }
  ],
  "reference": "CERTA-2012-AVI-642",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware Workstation et Player\u003c/span\u003e. La plus critique\npermet \u00e0 un attaquant de modifier les permissions d\u0027un fil d\u0027ex\u00e9cution\n(thread) pour provoquer une \u00e9l\u00e9vation de privil\u00e8ges. Une autre\nvuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire au\nmoyen de fichiers \u003cspan class=\"textit\"\u003e.OVF\u003c/span\u003e sp\u00e9cialement con\u00e7us.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Workstation et Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 08 novembre 2012",
      "url": null
    }
  ]
}

GHSA-F9MP-7F7V-39G9

Vulnerability from github – Published: 2022-05-17 01:39 – Updated: 2022-05-17 01:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-5458"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-14T12:30:00Z",
    "severity": "HIGH"
  },
  "details": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.",
  "id": "GHSA-f9mp-7f7v-39g9",
  "modified": "2022-05-17T01:39:26Z",
  "published": "2022-05-17T01:39:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5458"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/87118"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/56469"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-5458

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-5458

Aliases

CVE-2012-5458

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-5458",
    "description": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.",
    "id": "GSD-2012-5458"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-5458"
      ],
      "details": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.",
      "id": "GSD-2012-5458",
      "modified": "2023-12-13T01:20:18.856773Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-5458",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "workstation-player-priv-esc(79924)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
          },
          {
            "name": "87118",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/87118"
          },
          {
            "name": "56469",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/56469"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5458"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
            },
            {
              "name": "56469",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/56469"
            },
            {
              "name": "87118",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/87118"
            },
            {
              "name": "workstation-player-priv-esc(79924)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:32Z",
      "publishedDate": "2012-11-14T12:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-5458 (GCVE-0-2012-5458)

FKIE_CVE-2012-5458

CERTA-2012-AVI-642

Solution

CERTA-2012-AVI-642

Solution

GHSA-F9MP-7F7V-39G9

GSD-2012-5458

Tags

Sightings

Nomenclature