CVE-2010-1138

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html - () http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html -
References () http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html - () http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html -
References () http://lists.vmware.com/pipermail/security-announce/2010/000090.html - Patch, Vendor Advisory () http://lists.vmware.com/pipermail/security-announce/2010/000090.html - Patch, Vendor Advisory
References () http://osvdb.org/63607 - () http://osvdb.org/63607 -
References () http://secunia.com/advisories/39203 - Vendor Advisory () http://secunia.com/advisories/39203 - Vendor Advisory
References () http://secunia.com/advisories/39206 - Vendor Advisory () http://secunia.com/advisories/39206 - Vendor Advisory
References () http://secunia.com/advisories/39215 - Vendor Advisory () http://secunia.com/advisories/39215 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-201209-25.xml - () http://security.gentoo.org/glsa/glsa-201209-25.xml -
References () http://www.securityfocus.com/bid/39395 - () http://www.securityfocus.com/bid/39395 -
References () http://www.securitytracker.com/id?1023836 - () http://www.securitytracker.com/id?1023836 -
References () http://www.vmware.com/security/advisories/VMSA-2010-0007.html - Patch, Vendor Advisory () http://www.vmware.com/security/advisories/VMSA-2010-0007.html - Patch, Vendor Advisory

Information

Published : 2010-04-12 18:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-1138

Mitre link : CVE-2010-1138

CVE.ORG link : CVE-2010-1138


JSON object : View

Products Affected

microsoft

  • windows

vmware

  • workstation
  • server
  • player
  • ace
  • fusion
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor