Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-4459

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

Published

2005-12-21T20:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vmware ace 1.0 Yes
Application vmware gsx_server 2.0 Yes
Application vmware gsx_server 2.0.1_build_2129 Yes
Application vmware gsx_server 2.5.1 Yes
Application vmware gsx_server 2.5.1_build_5336 Yes
Application vmware gsx_server 2.5.2 Yes
Application vmware gsx_server 3.0 Yes
Application vmware gsx_server 3.0_build_7592 Yes
Application vmware gsx_server 3.1 Yes
Application vmware gsx_server 3.2 Yes
Application vmware player 1.0.0 Yes
Application vmware workstation 3.2.1 Yes
Application vmware workstation 3.4 Yes
Application vmware workstation 4.0 Yes
Application vmware workstation 4.0.1 Yes
Application vmware workstation 4.0.2 Yes
Application vmware workstation 4.5.2 Yes
Application vmware workstation 4.5.2_build_8848 Yes
Application vmware workstation 5.0.0_build_13124 Yes
Application vmware workstation 5.5 Yes
References