CVE-2012-1666 : Untrusted search path vulnerability in VMware Tools in VMware Workstation before

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

Published 2012-09-08 10:28:20

Updated 2012-09-10 04:00:00

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2012-1666

Vmware » Workstation
Versions up to, including, (<=) 8.0.3
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 8.0
cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 8.0.1
cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 8.0.0.18997
cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 8.0.2
cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 8.0.1.27038
cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
Matching versions
Vmware » Player
Versions up to, including, (<=) 4.0.3
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 4.0
cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 4.0.1
cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 4.0.2
cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 4.0.0.18997
cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion
Versions up to, including, (<=) 4.1.1
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 4.0
cpe:2.3:a:vmware:fusion:4.0:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 4.0.1
cpe:2.3:a:vmware:fusion:4.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 4.0.2
cpe:2.3:a:vmware:fusion:4.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 4.1
cpe:2.3:a:vmware:fusion:4.1:*:*:*:*:*:*:*
Matching versions
Vmware » View
Versions up to, including, (<=) 5.0
cpe:2.3:a:vmware:view:*:*:*:*:*:*:*:*
Matching versions
Vmware » View » Version: 4.6.0
cpe:2.3:a:vmware:view:4.6.0:*:*:*:*:*:*:*
Matching versions
Vmware » ESX » Version: 4.1
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
Matching versions
Vmware » ESX » Version: 5.0
cpe:2.3:o:vmware:esx:5.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2012-1666

Top countries where our scanners detected CVE-2012-1666

Top open port discovered on systems with this issue 443

IPs affected by CVE-2012-1666 4

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2012-1666!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-1666

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-1666

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2012-1666

Jump to

Vulnerability Details : CVE-2012-1666

Products affected by CVE-2012-1666

Threat overview for CVE-2012-1666

Exploit prediction scoring system (EPSS) score for CVE-2012-1666

CVSS scores for CVE-2012-1666

References for CVE-2012-1666