var-201404-0334
Vulnerability from variot
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable.". VMware Player is free software that allows PC users to easily run virtual machines on Windows or Linux PCs. VMware Workstation is a popular virtual machine application. The vulnerability allows a local attacker to cause a blue screen, crashing the system. Local attackers with access to a guest operating system can exploit this issue to crash the host operating system, effectively denying service to legitimate users.
The Blue Screen is triggered because the vulnerable function doesn't check if a pointer to a memory page is valid or not, thus causing a memory access violation by trying to read from an unallocated memory page.
Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/
Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.
Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0334", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "workstation", "scope": "eq", "trust": 1.6, "vendor": "vmware", "version": "10.0.1_build_1379776" }, { "model": "player", "scope": "eq", "trust": 1.6, "vendor": "vmware", "version": "6.0.1_build_1379776" }, { "model": "player", "scope": "eq", "trust": 0.8, 
"vendor": "vmware", "version": "6.0.1 build 1379776" }, { "model": "workstation", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "10.0.1 build 1379776" }, { "model": "workstation build-1379776", "scope": "eq", "trust": 0.6, "vendor": "vmware", "version": "10.0.1" }, { "model": "player build-1379776", "scope": "eq", "trust": 0.6, "vendor": "vmware", "version": "6.0.1" }, { "model": "6.0.1 build 1379776", "scope": null, "trust": 0.2, "vendor": "player", "version": null }, { "model": "10.0.1 build 1379776", "scope": null, "trust": 0.2, "vendor": "workstation", "version": null } ], "sources": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02126" }, { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "NVD", "id": "CVE-2014-2384" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.1_build_1379776:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.1_build_1379776:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-2384" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kyriakos Economou", "sources": [ { "db": "BID", "id": "66784" }, { "db": "PACKETSTORM", "id": "126135" } ], "trust": 0.4 }, "cve": "CVE-2014-2384", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 4.9, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-2384", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CNVD-2014-02126", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", 
"accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-2384", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-02126", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201404-224", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02126" }, { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "NVD", "id": "CVE-2014-2384" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports \"Vendor rated issue as non-exploitable.\". VMware Player is a free software that allows PC users to easily run virtual machines on Windows or Linux PCs. VMWare Workstation is a popular virtual machine application. Allows a local attacker to cause a blue screen, causing the system to crash. \nLocal attackers with access to a guest operating system can exploit this issue to crash the host operating system, effectively denying service to legitimate users. 
\n\nThe Blue Screen is triggered because the vulnerable function doesn\\x92t\ncheck if a pointer to a memory page is valid or not, thus causing a\nmemory access violation by trying to read from an unallocated memory page. \n\n\nFurther details at:\nhttps://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/\n\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2014, All rights\nreserved worldwide. Permission is hereby granted for the electronic\nredistribution of this information. It is not to be edited or altered in\nany way without the express written consent of Portcullis Computer\nSecurity Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties, implied or otherwise, with regard to this information\nor its use. Any use of this information is at the user\u0027s risk. In no\nevent shall the author/distributor (Portcullis Computer Security\nLimited) be held liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information", "sources": [ { "db": "NVD", "id": "CVE-2014-2384" }, { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "CNVD", "id": "CNVD-2014-02126" }, { "db": "BID", "id": "66784" }, { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "126135" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2384", "trust": 3.6 }, { "db": "CNVD", "id": "CNVD-2014-02126", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201404-224", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002139", "trust": 0.8 }, { "db": "OSVDB", "id": "105193", "trust": 0.6 }, { "db": 
"FULLDISC", "id": "20140411 CVE-2014-2384 - INVALID POINTER DEREFERENCE IN VMWARE WORKSTATION AND PLAYER", "trust": 0.6 }, { "db": "NSFOCUS", "id": "26505", "trust": 0.6 }, { "db": "BID", "id": "66784", "trust": 0.3 }, { "db": "IVD", "id": "A2D83B08-1EE0-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "126135", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02126" }, { "db": "BID", "id": "66784" }, { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "PACKETSTORM", "id": "126135" }, { "db": "NVD", "id": "CVE-2014-2384" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "id": "VAR-201404-0334", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02126" } ], "trust": 0.08 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02126" } ] }, "last_update_date": "2023-12-18T13:39:57.420000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.vmware.com/jp/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002139" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "NVD", "id": "CVE-2014-2384" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/" }, { "trust": 1.6, "url": "http://seclists.org/fulldisclosure/2014/apr/163" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2384" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2384" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105193" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/26505" }, { "trust": 0.3, "url": "http://www.vmware.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2384" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-02126" }, { "db": "BID", "id": "66784" }, { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "PACKETSTORM", "id": "126135" }, { "db": "NVD", "id": "CVE-2014-2384" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02126" }, { "db": "BID", "id": "66784" }, { "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "db": "PACKETSTORM", "id": "126135" }, { "db": "NVD", "id": "CVE-2014-2384" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", 
"data": { "@container": "@list" } }, "data": [ { "date": "2014-04-04T00:00:00", "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "date": "2014-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2014-02126" }, { "date": "2014-04-11T00:00:00", "db": "BID", "id": "66784" }, { "date": "2014-04-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "date": "2014-04-12T03:50:36", "db": "PACKETSTORM", "id": "126135" }, { "date": "2014-04-15T23:13:15.697000", "db": "NVD", "id": "CVE-2014-2384" }, { "date": "2014-04-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2014-02126" }, { "date": "2014-04-11T00:00:00", "db": "BID", "id": "66784" }, { "date": "2014-04-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002139" }, { "date": "2014-04-16T14:23:41.180000", "db": "NVD", "id": "CVE-2014-2384" }, { "date": "2014-04-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-224" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "66784" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Windows Run on VMware Workstation and VMware Player of vmx86.sys Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002139" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource 
management error", "sources": [ { "db": "IVD", "id": "a2d83b08-1ee0-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-224" } ], "trust": 0.8 } }