CVE-2010-1138
Last modified
CVE-2010-1138 is a vulnerability of currently unknown severity. The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.. EPSS estimates a 2.29% chance of exploitation in the next 30 days.
Description
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | 7.0 |
| Vmware | Workstation | 6.5.0 |
| Vmware | Workstation | 6.5.1 |
| Vmware | Workstation | 6.5.2 |
| Vmware | Workstation | 6.5.3 |
| Vmware | Player | 3.0 |
| Vmware | Player | 2.5 |
| Vmware | Player | 2.5.1 |
| Vmware | Player | 2.5.2 |
| Vmware | Player | 2.5.3 |
| Vmware | Ace | 2.5.0 |
| Vmware | Ace | 2.5.1 |
| Vmware | Ace | 2.5.2 |
| Vmware | Ace | 2.5.3 |
| Vmware | Ace | 2.6 |
| Vmware | Server | 2.0.0 |
| Vmware | Server | 2.0.1 |
| Vmware | Server | 2.0.2 |
| Vmware | Fusion | 2.0 |
| Vmware | Fusion | 2.0.1 |
| Vmware | Fusion | 2.0.2 |
| Vmware | Fusion | 2.0.3 |
| Vmware | Fusion | 2.0.4 |
| Vmware | Fusion | 2.0.5 |
| Vmware | Fusion | 2.0.6 |
| Vmware | Fusion | 3.0 |
References
- http://lists.vmware.com/pipermail/security-announce/2010/000090.htmlPatch, Vendor Advisory
- http://secunia.com/advisories/39203Vendor Advisory
- http://secunia.com/advisories/39206Vendor Advisory
- http://secunia.com/advisories/39215Vendor Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0007.htmlPatch, Vendor Advisory
- http://lists.vmware.com/pipermail/security-announce/2010/000090.htmlPatch, Vendor Advisory
- http://secunia.com/advisories/39203Vendor Advisory
- http://secunia.com/advisories/39206Vendor Advisory
- http://secunia.com/advisories/39215Vendor Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0007.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-1138?
How severe is CVE-2010-1138?
How do I fix CVE-2010-1138?
Are you affected by CVE-2010-1138?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST