CVE-2013-1406

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-1406
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.vmware.com/security/advisories/VMSA-2013-0002.html Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:vmware:fusion:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:5.0.1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:vmware:view:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.0.0:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0.0:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:view:5.0.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
Information

Published : 2013-02-11 14:55

Updated : 2017-09-18 18:36

NVD link : CVE-2013-1406

Mitre link : CVE-2013-1406

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

microsoft

  • windows

vmware

  • workstation
  • view
  • fusion
  • esx
  • esxi