cvelistv5 - cve-2016-2077

CVE-2016-2077 (GCVE-0-2016-2077)

Vulnerability from cvelistv5 – Published: 2016-05-18 14:00 – Updated: 2024-08-05 23:17

Summary

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id/1035900	vdb-entryx_refsource_SECTRACK
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035900",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035900"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035900",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035900"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2077",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035900",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035900"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2077",
    "datePublished": "2016-05-18T14:00:00",
    "dateReserved": "2016-01-26T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93872771-BD86-4707-926B-F6C3577C33A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B52D8903-B853-43A2-88C3-D79BBA70F8CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78016ED4-AEA7-4E54-8986-E997000CD646\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC7D0356-0C56-413C-B626-B3DF8275F53D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"492D7AD2-D660-48F5-A9BE-28CCA6A6B658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90F0250C-EE18-486B-90D7-348FEF01C2D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E33E15C-62ED-4E24-AB00-0632C8A90C6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:11.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C761DD95-A3CC-4998-B2F2-93F429BDF250\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"VMware Workstation 11.x en versiones anteriores a 11.1.3 y VMwaere Player 7.x en versiones anteriores a 7.1.3 en Windows acceden incorrectamente a un archivo ejecutable, lo que permite a los usuarios del SO anfitri\\u00f3n obtener los privilegios del anfitri\\u00f3n del sistema operativo a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2016-2077",
      "lastModified": "2024-11-21T02:47:45.803",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-05-18T14:59:04.427",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1035900\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2016-0005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1035900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2016-0005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-2077\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-05-18T14:59:04.427\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"VMware Workstation 11.x en versiones anteriores a 11.1.3 y VMwaere Player 7.x en versiones anteriores a 7.1.3 en Windows acceden incorrectamente a un archivo ejecutable, lo que permite a los usuarios del SO anfitri\u00f3n obtener los privilegios del anfitri\u00f3n del sistema operativo a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93872771-BD86-4707-926B-F6C3577C33A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B52D8903-B853-43A2-88C3-D79BBA70F8CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78016ED4-AEA7-4E54-8986-E997000CD646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7D0356-0C56-413C-B626-B3DF8275F53D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492D7AD2-D660-48F5-A9BE-28CCA6A6B658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F0250C-EE18-486B-90D7-348FEF01C2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E33E15C-62ED-4E24-AB00-0632C8A90C6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:11.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C761DD95-A3CC-4998-B2F2-93F429BDF250\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1035900\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2016-0005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1035900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2016-0005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2016-AVI-175

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vSphere Replication versions 6.0.x antérieures à 6.0.0.3 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.0 antérieures à 5.0 U3e sur Linux
VMware	N/A	VMware vCloud Director versions 5.6.x antérieures à 5.6.5.1 sur Linux
VMware	N/A	VMware vCloud Director versions 8.0.x antérieures à 8.0.1.1 sur Linux
VMware	N/A	VMware vSphere Replication versions 5.8.x antérieures à 5.8.1.2 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.1 antérieures à 5.1 U3b sans le correctif de sécurité KB 2144428 sur Windows
VMware	N/A	VMware Workstation versions 11.x.x antérieures à 11.1.3 sur Windows
VMware	vCenter Server	VMware vCenter Server versions 5.0 antérieures à 5.0 U3e sans le correctif de sécurité KB 2144428 sur Windows
VMware	N/A	VMware Player versions 7.x.x antérieures à 7.1.3 sur Windows
VMware	vCenter Server	VMware vCenter Server versions 6.0.x antérieures à 6.0.0b sans le correctif de sécurité KB 2145343 sur Windows
VMware	vCenter Server	VMware vCenter Server versions 5.5 antérieures à 5.5 U3 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 6.0.x antérieures à 6.0.0b sur Linux
VMware	N/A	VMware vCloud Director versions 5.5.x antérieures à 5.5.6.1 sur Linux
VMware	N/A	VMware vSphere Replication versions 5.6.x antérieures à 5.6.0.6 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.1 antérieures à 5.1 U3b sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.5 antérieures à 5.5 U3d sur Windows

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2016-0005 du 17 mai 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vSphere Replication versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.3 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.0 ant\u00e9rieures \u00e0 5.0 U3e sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCloud Director versions 5.6.x ant\u00e9rieures \u00e0 5.6.5.1 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCloud Director versions 8.0.x ant\u00e9rieures \u00e0 8.0.1.1 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vSphere Replication versions 5.8.x ant\u00e9rieures \u00e0 5.8.1.2 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.1 ant\u00e9rieures \u00e0 5.1 U3b sans le correctif de s\u00e9curit\u00e9 KB 2144428 sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation versions 11.x.x ant\u00e9rieures \u00e0 11.1.3 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.0 ant\u00e9rieures \u00e0 5.0 U3e sans le correctif de s\u00e9curit\u00e9 KB 2144428 sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player versions 7.x.x ant\u00e9rieures \u00e0 7.1.3 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.0b sans le correctif de s\u00e9curit\u00e9 KB 2145343 sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.5 ant\u00e9rieures \u00e0 5.5 U3 sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.0b sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCloud Director versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.1 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vSphere Replication versions 5.6.x ant\u00e9rieures \u00e0 5.6.0.6 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.1 ant\u00e9rieures \u00e0 5.1 U3b sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.5 ant\u00e9rieures \u00e0 5.5 U3d sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3427"
    },
    {
      "name": "CVE-2016-2077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2077"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-175",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0005 du 17 mai 2016",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
    }
  ]
}

CERTFR-2016-AVI-175

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vSphere Replication versions 6.0.x antérieures à 6.0.0.3 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.0 antérieures à 5.0 U3e sur Linux
VMware	N/A	VMware vCloud Director versions 5.6.x antérieures à 5.6.5.1 sur Linux
VMware	N/A	VMware vCloud Director versions 8.0.x antérieures à 8.0.1.1 sur Linux
VMware	N/A	VMware vSphere Replication versions 5.8.x antérieures à 5.8.1.2 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.1 antérieures à 5.1 U3b sans le correctif de sécurité KB 2144428 sur Windows
VMware	N/A	VMware Workstation versions 11.x.x antérieures à 11.1.3 sur Windows
VMware	vCenter Server	VMware vCenter Server versions 5.0 antérieures à 5.0 U3e sans le correctif de sécurité KB 2144428 sur Windows
VMware	N/A	VMware Player versions 7.x.x antérieures à 7.1.3 sur Windows
VMware	vCenter Server	VMware vCenter Server versions 6.0.x antérieures à 6.0.0b sans le correctif de sécurité KB 2145343 sur Windows
VMware	vCenter Server	VMware vCenter Server versions 5.5 antérieures à 5.5 U3 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 6.0.x antérieures à 6.0.0b sur Linux
VMware	N/A	VMware vCloud Director versions 5.5.x antérieures à 5.5.6.1 sur Linux
VMware	N/A	VMware vSphere Replication versions 5.6.x antérieures à 5.6.0.6 sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.1 antérieures à 5.1 U3b sur Linux
VMware	vCenter Server	VMware vCenter Server versions 5.5 antérieures à 5.5 U3d sur Windows

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2016-0005 du 17 mai 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vSphere Replication versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.3 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.0 ant\u00e9rieures \u00e0 5.0 U3e sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCloud Director versions 5.6.x ant\u00e9rieures \u00e0 5.6.5.1 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCloud Director versions 8.0.x ant\u00e9rieures \u00e0 8.0.1.1 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vSphere Replication versions 5.8.x ant\u00e9rieures \u00e0 5.8.1.2 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.1 ant\u00e9rieures \u00e0 5.1 U3b sans le correctif de s\u00e9curit\u00e9 KB 2144428 sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation versions 11.x.x ant\u00e9rieures \u00e0 11.1.3 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.0 ant\u00e9rieures \u00e0 5.0 U3e sans le correctif de s\u00e9curit\u00e9 KB 2144428 sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player versions 7.x.x ant\u00e9rieures \u00e0 7.1.3 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.0b sans le correctif de s\u00e9curit\u00e9 KB 2145343 sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.5 ant\u00e9rieures \u00e0 5.5 U3 sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.0b sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCloud Director versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.1 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vSphere Replication versions 5.6.x ant\u00e9rieures \u00e0 5.6.0.6 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.1 ant\u00e9rieures \u00e0 5.1 U3b sur Linux",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 5.5 ant\u00e9rieures \u00e0 5.5 U3d sur Windows",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3427"
    },
    {
      "name": "CVE-2016-2077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2077"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-175",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0005 du 17 mai 2016",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
    }
  ]
}

GHSA-9C56-6W4H-CGC4

Vulnerability from github – Published: 2022-05-17 03:35 – Updated: 2022-05-17 03:35

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-2077"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-18T14:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.",
  "id": "GHSA-9c56-6w4h-cgc4",
  "modified": "2022-05-17T03:35:54Z",
  "published": "2022-05-17T03:35:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2077"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035900"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-2077

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-2077

Aliases

CVE-2016-2077

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-2077",
    "description": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.",
    "id": "GSD-2016-2077"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-2077"
      ],
      "details": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.",
      "id": "GSD-2016-2077",
      "modified": "2023-12-13T01:21:19.752715Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-2077",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1035900",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035900"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:7.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:11.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2077"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
            },
            {
              "name": "1035900",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035900"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-01T03:08Z",
      "publishedDate": "2016-05-18T14:59Z"
    }
  }
}

CNVD-2016-03380

Vulnerability from cnvd - Published: 2016-05-20

Title

多款Vmware产品任意命令执行漏洞

Description

VMware vCenter Server等都是是美国威睿（VMware）公司的产品。vCenter Server是一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。vCloud Director（vCD）是一套虚拟云基础架构工具。该工具可将现有数据中心内的虚拟基础架构资源整合成资源池，并以一种目录式服务的形式向用户提供这些资源。多款Vmware产品中存在安全漏洞，该漏洞源于Oracle JRE JMX的RMI服务器在反序列化身份验证证书时会反序列化任意类。远程攻击者可利用该漏洞执行任意命令。

Severity

高

Patch Name

多款Vmware产品任意命令执行漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.vmware.com/security/advisories/VMSA-2016-0005.html

Reference

https://www.auscert.org.au/render.html?it=34722 http://www.vmware.com/security/advisories/VMSA-2016-0005.html

Impacted products

Name
['VMware Workstation 11.x<11.1.3', 'VMware VMware Player 7.x<7.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2077"
    }
  },
  "description": "VMware vCenter Server\u7b49\u90fd\u662f\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002vCenter Server\u662f\u4e00\u5957\u670d\u52a1\u5668\u548c\u865a\u62df\u5316\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u4e8e\u7ba1\u7406VMware vSphere\u73af\u5883\u7684\u96c6\u4e2d\u5f0f\u5e73\u53f0\uff0c\u53ef\u81ea\u52a8\u5b9e\u65bd\u548c\u4ea4\u4ed8\u865a\u62df\u57fa\u7840\u67b6\u6784\u3002vCloud Director\uff08vCD\uff09\u662f\u4e00\u5957\u865a\u62df\u4e91\u57fa\u7840\u67b6\u6784\u5de5\u5177\u3002\u8be5\u5de5\u5177\u53ef\u5c06\u73b0\u6709\u6570\u636e\u4e2d\u5fc3\u5185\u7684\u865a\u62df\u57fa\u7840\u67b6\u6784\u8d44\u6e90\u6574\u5408\u6210\u8d44\u6e90\u6c60\uff0c\u5e76\u4ee5\u4e00\u79cd\u76ee\u5f55\u5f0f\u670d\u52a1\u7684\u5f62\u5f0f\u5411\u7528\u6237\u63d0\u4f9b\u8fd9\u4e9b\u8d44\u6e90\u3002\r\n\r\n\u591a\u6b3eVmware\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOracle JRE JMX\u7684RMI\u670d\u52a1\u5668\u5728\u53cd\u5e8f\u5217\u5316\u8eab\u4efd\u9a8c\u8bc1\u8bc1\u4e66\u65f6\u4f1a\u53cd\u5e8f\u5217\u5316\u4efb\u610f\u7c7b\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Andrew Smith of Sword \u0026 Shield Enterprise Security",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.vmware.com/security/advisories/VMSA-2016-0005.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03380",
  "openTime": "2016-05-20",
  "patchDescription": "VMware vCenter Server\u7b49\u90fd\u662f\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002vCenter Server\u662f\u4e00\u5957\u670d\u52a1\u5668\u548c\u865a\u62df\u5316\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u4e8e\u7ba1\u7406VMware vSphere\u73af\u5883\u7684\u96c6\u4e2d\u5f0f\u5e73\u53f0\uff0c\u53ef\u81ea\u52a8\u5b9e\u65bd\u548c\u4ea4\u4ed8\u865a\u62df\u57fa\u7840\u67b6\u6784\u3002vCloud Director\uff08vCD\uff09\u662f\u4e00\u5957\u865a\u62df\u4e91\u57fa\u7840\u67b6\u6784\u5de5\u5177\u3002\u8be5\u5de5\u5177\u53ef\u5c06\u73b0\u6709\u6570\u636e\u4e2d\u5fc3\u5185\u7684\u865a\u62df\u57fa\u7840\u67b6\u6784\u8d44\u6e90\u6574\u5408\u6210\u8d44\u6e90\u6c60\uff0c\u5e76\u4ee5\u4e00\u79cd\u76ee\u5f55\u5f0f\u670d\u52a1\u7684\u5f62\u5f0f\u5411\u7528\u6237\u63d0\u4f9b\u8fd9\u4e9b\u8d44\u6e90\u3002\r\n\r\n\u591a\u6b3eVmware\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOracle JRE JMX\u7684RMI\u670d\u52a1\u5668\u5728\u53cd\u5e8f\u5217\u5316\u8eab\u4efd\u9a8c\u8bc1\u8bc1\u4e66\u65f6\u4f1a\u53cd\u5e8f\u5217\u5316\u4efb\u610f\u7c7b\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eVmware\u4ea7\u54c1\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Workstation 11.x\u003c11.1.3",
      "VMware VMware Player 7.x\u003c7.1.3"
    ]
  },
  "referenceLink": "https://www.auscert.org.au/render.html?it=34722\r\nhttp://www.vmware.com/security/advisories/VMSA-2016-0005.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-05-19",
  "title": "\u591a\u6b3eVmware\u4ea7\u54c1\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2016-2077

Vulnerability from fkie_nvd - Published: 2016-05-18 14:59 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1035900
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2016-0005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035900
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2016-0005.html	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	windows	*
vmware	player	7.0
vmware	player	7.1
vmware	player	7.1.1
vmware	player	7.1.2
microsoft	windows	*
vmware	workstation	11.0
vmware	workstation	11.1
vmware	workstation	11.1.1
vmware	workstation	11.1.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93872771-BD86-4707-926B-F6C3577C33A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B52D8903-B853-43A2-88C3-D79BBA70F8CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78016ED4-AEA7-4E54-8986-E997000CD646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7D0356-0C56-413C-B626-B3DF8275F53D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "492D7AD2-D660-48F5-A9BE-28CCA6A6B658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90F0250C-EE18-486B-90D7-348FEF01C2D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E33E15C-62ED-4E24-AB00-0632C8A90C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C761DD95-A3CC-4998-B2F2-93F429BDF250",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "VMware Workstation 11.x en versiones anteriores a 11.1.3 y VMwaere Player 7.x en versiones anteriores a 7.1.3 en Windows acceden incorrectamente a un archivo ejecutable, lo que permite a los usuarios del SO anfitri\u00f3n obtener los privilegios del anfitri\u00f3n del sistema operativo a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-2077",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-18T14:59:04.427",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1035900"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-2077 (GCVE-0-2016-2077)

CERTFR-2016-AVI-175

Solution

CERTFR-2016-AVI-175

Solution

GHSA-9C56-6W4H-CGC4

GSD-2016-2077

CNVD-2016-03380

FKIE_CVE-2016-2077

Tags

Sightings

Nomenclature