What is CVE-2012-1516?

CVE-2012-1516 is a critical-severity vulnerability in Vmware Esx, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.9/10. Published 2012-05-04.

How severe is CVE-2012-1516?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Buffer overflow in Vmware Esx

CVE-2012-1516

The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code…

Vulnerability class: Buffer Overflow

EPSS: 0.016 (81.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Vmware Esx — versions 3.5, 4.0, 4.1
Vmware Esxi — versions 3.5, 4.0, 4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

oval:org.mitre.oval:def:16810 (Tool Signature, x_refsource_OVAL, signature, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1027018 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
vmware-esxserver-rpc-priv-esc(75373) (VDB Entry, vdb-entry, x_refsource_XF)
53369 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2012-1516?: CVE-2012-1516 is a critical-severity vulnerability in Vmware Esx, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.9/10. Published 2012-05-04.
How severe is CVE-2012-1516?: Critical severity. CVSS v3 base score is 9.9 out of 10.