Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5328

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

Published

2016-12-29T09:59:00.180

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
    CWE-254
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vmware tools ≤ 10.0.8 Yes
Application vmware tools 10.0.0 Yes
Application vmware tools 10.0.5 Yes
Application vmware tools 10.0.6 Yes
Operating System apple mac_os_x * No
Application vmware tools 9.0.0 Yes
Application vmware tools 9.0.1 Yes
Application vmware tools 9.0.5 Yes
Application vmware tools 9.0.10 Yes
Application vmware tools 9.0.11 Yes
Application vmware tools 9.0.12 Yes
Application vmware tools 9.0.13 Yes
Application vmware tools 9.0.15 Yes
Application vmware tools 9.0.16 Yes
Application vmware tools 9.0.17 Yes
Application vmware tools 9.4.0 Yes
Application vmware tools 9.4.5 Yes
Application vmware tools 9.4.10 Yes
Application vmware tools 9.4.11 Yes
Application vmware tools 9.4.12 Yes
Application vmware tools 9.4.15 Yes
Application vmware tools 9.10.0 Yes
Application vmware tools 9.10.1 Yes
Application vmware tools 9.10.5 Yes
Operating System apple mac_os_x * No
References