CVE-2015-3650

Published Jul 10, 2015

Last updated 8 years ago

CVSS info 7.2

Overview

Description: vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:player:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "364FBB12-E292-47BB-8D26-CED34232A135"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEBF8C7B-7034-47B4-B84A-6987EB7B4DC5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "277B926D-C575-4526-9F0C-A1D6EAF2AA2D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E6EAA1-4828-4B94-931F-B92C54FD97D9"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C766686C-0EAE-4E7A-A5F2-F93A57991A53"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BBDD49B-0083-4743-B4F8-6214FE8F4822"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEBFD3AF-D8A3-4599-AF42-B47C0A62AA39"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82AE914B-8688-4274-9D40-C3A166F112AE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "043541FC-C4F9-4E71-8373-E9022DCC62DA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "200179EA-B682-435D-948C-5B70B686D1AE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D5D0FC7-8389-4B1D-BDBD-3017E5740F77"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:6.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEF03B6D-2A6D-4A99-BAE1-308CA1CAE633"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93872771-BD86-4707-926B-F6C3577C33A4"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B52D8903-B853-43A2-88C3-D79BBA70F8CA"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D0119B9-916C-4A98-8542-10FFC4F71C80"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35CA413B-AB24-4884-A052-2A30A0CA4E7D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4B2275C-913F-43D9-8146-0B0CD737E485"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01512B1C-ABCF-4705-91E8-F51FE6397343"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A74B9F8A-E336-4421-ADA8-D2640DD7E67E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71B0563B-F300-448D-8450-9B7B862F4560"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:10.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CED170BC-88E4-44D9-A4C5-A2A190283985"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "492D7AD2-D660-48F5-A9BE-28CCA6A6B658"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F0250C-EE18-486B-90D7-348FEF01C2D3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:horizon_view_client:5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E82AFF09-F9F6-486B-9299-3852EBD9B333"
          },
          {
            "criteria": "cpe:2.3:a:vmware:horizon_view_client:5.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9391EA21-2A10-445A-B88A-103025C9A343"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References