CVE-2013-5972

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.vmware.com/security/advisories/VMSA-2013-0013.html	Patch Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2013-0013.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:workstation:9.0:::::::*
	cpe:2.3:a:vmware:workstation:9.0.1:::::::*
	cpe:2.3:a:vmware:workstation:9.0.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:vmware:player:5.0:::::::*
	cpe:2.3:a:vmware:player:5.0.1:::::::*
	cpe:2.3:a:vmware:player:5.0.2:::::::*

History

21 Nov 2024, 01:58

Type	Values Removed	Values Added
References	~~() http://www.vmware.com/security/advisories/VMSA-2013-0013.html - Patch, Vendor Advisory~~	() http://www.vmware.com/security/advisories/VMSA-2013-0013.html - Patch, Vendor Advisory

Information

Published : 2013-11-18 05:23

Updated : 2024-11-21 01:58

NVD link : CVE-2013-5972

Mitre link : CVE-2013-5972

CVE.ORG link : CVE-2013-5972

JSON object : View

Products Affected

vmware

player
workstation

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-5972", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-18T05:23:57.800", "references": [{"url": "http://www.vmware.com/security/advisories/VMSA-2013-0013.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2013-0013.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors."}, {"lang": "es", "value": "VMware Workstation 9.x antes de 9.0.3 y VMware Player 5.x antes 5.0.3 en Linux no manejan correctamente biblioteca compartida, que permite a los usuarios de host del sistema operativo para obtener privilegios del sistema operativo a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:58:31.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B439F706-27F8-4238-9396-B460EB78B6DC"}, {"criteria": "cpe:2.3:a:vmware:workstation:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B87CF2A3-422B-4B5C-9E90-382FF6373F38"}, {"criteria": "cpe:2.3:a:vmware:workstation:9.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF4A5B6-C3E5-47B4-BC9E-14F544E3393E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "364FBB12-E292-47BB-8D26-CED34232A135"}, {"criteria": "cpe:2.3:a:vmware:player:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEBF8C7B-7034-47B4-B84A-6987EB7B4DC5"}, {"criteria": "cpe:2.3:a:vmware:player:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277B926D-C575-4526-9F0C-A1D6EAF2AA2D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}