QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2267

Published: Nov 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_VUPEN

[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:8473

vdb-entry

signature

x_refsource_OVAL

20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues

mailing-list

x_refsource_BUGTRAQ

20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

http://www.vmware.com/security/advisories/VMSA-2009-0015.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.