Vulnerability in Vmware Ace

CVE-2009-4811

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before…

EPSS: 0.013 (79.9th percentile) — read the EPSS interpretation.

Affected products

Vmware Ace — versions 2.6, 2.5.2, 2.6.1
Vmware Player — versions 2.5.2, 3.0.1, 2.5.4
Vmware Server — versions 2.0.1, 2.0.2, 2.0.0
Vmware Workstation — versions 7.0, 6.5.0, 7.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

GLSA-201209-25 (vendor-advisory, x_refsource_GENTOO)
36630 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (Patch, x_refsource_MISC, Vendor Advisory)
[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (URL Repurposed, Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (mailing-list, x_refsource_FULLDISC)