CVE-2010-1138 : Detail

CVE-2010-1138

A01-Broken Access Control
0.99%V3
Network
2010-04-12
16h00 +00:00
2010-04-22
07h00 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:P/I:N/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Vmware>>Workstation >> Version 7.0

Configuraton 0

Vmware>>Workstation >> Version 6.5.0

Vmware>>Workstation >> Version 6.5.1

Vmware>>Workstation >> Version 6.5.2

Vmware>>Workstation >> Version 6.5.3

Microsoft>>Windows >> Version *

Configuraton 0

Vmware>>Player >> Version 3.0

Configuraton 0

Vmware>>Player >> Version 2.5

Vmware>>Player >> Version 2.5.1

Vmware>>Player >> Version 2.5.2

Vmware>>Player >> Version 2.5.3

Microsoft>>Windows >> Version *

Configuraton 0

Vmware>>Ace >> Version 2.5.0

    Vmware>>Ace >> Version 2.5.1

      Vmware>>Ace >> Version 2.5.2

        Vmware>>Ace >> Version 2.5.3

          Vmware>>Ace >> Version 2.6

          Configuraton 0

          Vmware>>Server >> Version 2.0.0

          Vmware>>Server >> Version 2.0.1

          Vmware>>Server >> Version 2.0.2

          Configuraton 0

          Vmware>>Fusion >> Version 2.0

            Vmware>>Fusion >> Version 2.0.1

              Vmware>>Fusion >> Version 2.0.2

                Vmware>>Fusion >> Version 2.0.3

                  Vmware>>Fusion >> Version 2.0.4

                    Vmware>>Fusion >> Version 2.0.5

                      Vmware>>Fusion >> Version 2.0.6

                        Vmware>>Fusion >> Version 3.0

                          References

                          http://security.gentoo.org/glsa/glsa-201209-25.xml
                          Tags : vendor-advisory, x_refsource_GENTOO
                          http://secunia.com/advisories/39206
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://secunia.com/advisories/39203
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://www.securitytracker.com/id?1023836
                          Tags : vdb-entry, x_refsource_SECTRACK
                          http://www.securityfocus.com/bid/39395
                          Tags : vdb-entry, x_refsource_BID
                          http://secunia.com/advisories/39215
                          Tags : third-party-advisory, x_refsource_SECUNIA
                          http://osvdb.org/63607
                          Tags : vdb-entry, x_refsource_OSVDB