Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2267

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

Published

2009-11-02T15:30:00.420

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	ace	2.5.0	Yes
Application	vmware	ace	2.5.1	Yes
Application	vmware	ace	2.5.2	Yes
Application	vmware	esx	2.5.5	Yes
Application	vmware	esx	3.0.3	Yes
Application	vmware	esx	3.5	Yes
Application	vmware	esx	4.0	Yes
Application	vmware	esxi	3.5	Yes
Application	vmware	esxi	4.0	Yes
Application	vmware	fusion	2.0	Yes
Application	vmware	fusion	2.0.1	Yes
Application	vmware	fusion	2.0.2	Yes
Application	vmware	fusion	2.0.3	Yes
Application	vmware	fusion	2.0.4	Yes
Application	vmware	fusion	2.0.5	Yes
Application	vmware	player	2.5	Yes
Application	vmware	player	2.5.1	Yes
Application	vmware	player	2.5.2	Yes
Application	vmware	server	1.0	Yes
Application	vmware	server	1.0.1	Yes
Application	vmware	server	1.0.2	Yes
Application	vmware	server	1.0.3	Yes
Application	vmware	server	1.0.4	Yes
Application	vmware	server	1.0.5	Yes
Application	vmware	server	1.0.6	Yes
Application	vmware	server	1.0.7	Yes
Application	vmware	server	1.0.8	Yes
Application	vmware	server	1.0.9	Yes
Application	vmware	server	2.0	Yes
Application	vmware	server	2.0	Yes
Application	vmware	server	2.0.1	Yes
Application	vmware	workstation	6.5.0	Yes
Application	vmware	workstation	6.5.1	Yes
Application	vmware	workstation	6.5.2	Yes

References

http://lists.vmware.com/pipermail/security-announce/2009/000069.html Vendor Advisory ([email protected])
http://secunia.com/advisories/37172 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-201209-25.xml ([email protected])
http://securitytracker.com/id?1023082 ([email protected])
http://securitytracker.com/id?1023083 ([email protected])
http://www.securityfocus.com/archive/1/507523/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/507539/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/36841 Exploit ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0015.html Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/3062 Vendor Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 ([email protected])
http://lists.vmware.com/pipermail/security-announce/2009/000069.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37172 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201209-25.xml (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023082 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023083 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507523/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507539/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36841 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0015.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3062 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 (af854a3a-2127-422b-91ae-364da2661108)