Vulnerability in Vmware Tools

CVE-2014-4199

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

EPSS: 0.000 (7.2th percentile) — read the EPSS interpretation.

Affected products

Vmware Tools
Vmware Vm-support — versions 0.88
Vmware Workstation — versions 10.0, 10.0.1, 10.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

20140826 VMware vm-support multiple vulnerabilities (mailing-list, Exploit, x_refsource_FULLDISC)
vmware-support-cve20144199-dos(95493) (vdb-entry, x_refsource_XF)
110458 (x_refsource_OSVDB, vdb-entry)
1030758 (vdb-entry, x_refsource_SECTRACK)