Vulnerability Details : CVE-2010-1140
The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.
Products affected by CVE-2010-1140
- cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1140
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-1140
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2010-1140
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1140
-
http://www.securityfocus.com/bid/39397
VMware Hosted Products USB Service Local Privilege Escalation Vulnerability
-
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
-
http://securitytracker.com/id?1023834
VMware Workstation and Player USB Service Lets Local Users Gain Elevated Privileges - SecurityTracker
-
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
[Security-announce] VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issuesPatch;Vendor Advisory
-
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
VMSA-2010-0007.1Patch;Vendor Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
-
http://security.gentoo.org/glsa/glsa-201209-25.xml
VMware Player, Server, Workstation: Multiple vulnerabilities (GLSA 201209-25) — Gentoo security
Jump to