Strix
26.1K

CVE-2009-2267

UnknownEPSS 1.77%

Last modified

CVE-2009-2267 is a vulnerability of currently unknown severity. VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.. EPSS estimates a 1.77% chance of exploitation in the next 30 days.

Description

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

Metrics

EPSS Probability
1.77%

75.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
VmwareAce2.5.0
VmwareAce2.5.1
VmwareAce2.5.2
VmwareEsx2.5.5
VmwareEsx3.0.3
VmwareEsx3.5
VmwareEsx4.0
VmwareEsxi3.5
VmwareEsxi4.0
VmwareFusion2.0
VmwareFusion2.0.1
VmwareFusion2.0.2
VmwareFusion2.0.3
VmwareFusion2.0.4
VmwareFusion2.0.5
VmwarePlayer2.5
VmwarePlayer2.5.1
VmwarePlayer2.5.2
VmwareServer1.0
VmwareServer1.0.1
VmwareServer1.0.2
VmwareServer1.0.3
VmwareServer1.0.4
VmwareServer1.0.5
VmwareServer1.0.6
VmwareServer1.0.7
VmwareServer1.0.8
VmwareServer1.0.9
VmwareServer2.0
VmwareServer2.0.1
VmwareWorkstation6.5.0
VmwareWorkstation6.5.1
VmwareWorkstation6.5.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-2267?
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
How severe is CVE-2009-2267?
Severity scoring for CVE-2009-2267 is pending analysis. The EPSS model estimates a 1.77% probability of exploitation in the next 30 days.
How do I fix CVE-2009-2267?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-2267?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST