CVE-2013-3519 : lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

Published 2013-12-04 18:56:56

Updated 2014-03-03 17:45:30

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-3519

Vmware » Workstation » Version: 9.0.2
cpe:2.3:a:vmware:workstation:9.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 9.0.1
cpe:2.3:a:vmware:workstation:9.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 9.0
cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 5.0.1
cpe:2.3:a:vmware:player:5.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 5.0.2
cpe:2.3:a:vmware:player:5.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 5.0
cpe:2.3:a:vmware:player:5.0:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 5.0
cpe:2.3:a:vmware:fusion:5.0:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 5.0.1
cpe:2.3:a:vmware:fusion:5.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 5.0.3
cpe:2.3:a:vmware:fusion:5.0.3:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 5.0.2
cpe:2.3:a:vmware:fusion:5.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Esxi » Version: 4.0
cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
Matching versions
Vmware » Esxi » Version: 4.1
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
Matching versions
Vmware » Esxi » Version: 5.0
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
Matching versions
Vmware » Esxi » Version: 5.1
cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*
Matching versions
Vmware » ESX » Version: 4.0
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
Matching versions
Vmware » ESX » Version: 4.1
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2013-3519

Top countries where our scanners detected CVE-2013-3519

Top open port discovered on systems with this issue 443

IPs affected by CVE-2013-3519 45

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2013-3519!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2013-3519

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-3519

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.9	HIGH	AV:A/AC:M/Au:N/C:C/I:C/A:C	5.5	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-3519

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3519

http://www.vmware.com/security/advisories/VMSA-2013-0014.html

VMSA-2013-0014
Vendor Advisory