CVE-2013-1406

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.vmware.com/security/advisories/VMSA-2013-0002.html	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:vmware:workstation:8.0.1.27038:::::::*
	cpe:2.3:a:vmware:workstation:8.0.2:::::::*
	cpe:2.3:a:vmware:workstation:8.0.3:::::::*
	cpe:2.3:a:vmware:workstation:8.0.4:::::::*
	cpe:2.3:a:vmware:workstation:8.0.0.18997:::::::*
	cpe:2.3:a:vmware:workstation:8.0.1:::::::*
	cpe:2.3:a:vmware:workstation:8.0:::::::*
	cpe:2.3:a:vmware:workstation:9.0:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:vmware:fusion:4.1:::::::*
	cpe:2.3:a:vmware:fusion:4.1.1:::::::*
	cpe:2.3:a:vmware:fusion:4.1.2:::::::*
	cpe:2.3:a:vmware:fusion:4.1.3:::::::*
	cpe:2.3:a:vmware:fusion:5.0:::::::*
	cpe:2.3:a:vmware:fusion:5.0.1:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:vmware:view:4.0.0:::::::*
	cpe:2.3:a:vmware:view:4.0.0:u2::::::
	cpe:2.3:a:vmware:view:5.1.0:::::::*
	cpe:2.3:a:vmware:view:5.1.1:::::::*
	cpe:2.3:a:vmware:view:5.0.0:u2::::::
	cpe:2.3:a:vmware:view:5.0.1:::::::*
	cpe:2.3:a:vmware:view:4.5:::::::*
	cpe:2.3:a:vmware:view:4.6.0:::::::*
	cpe:2.3:a:vmware:view:4.6.1:::::::*
	cpe:2.3:a:vmware:view:5.0:::::::*
	cpe:2.3:a:vmware:view:5.0.0:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:vmware:esxi:4.0:::::::*
	cpe:2.3:o:vmware:esxi:4.1:1::::::
	cpe:2.3:o:vmware:esxi:5.0:2::::::
	cpe:2.3:o:vmware:esxi:4.0:2::::::
	cpe:2.3:o:vmware:esxi:4.0:1::::::
	cpe:2.3:o:vmware:esxi:5.1:::::::*
	cpe:2.3:o:vmware:esxi:5.0:1::::::
	cpe:2.3:o:vmware:esxi:4.1:::::::*
	cpe:2.3:o:vmware:esxi:4.0:4::::::
	cpe:2.3:o:vmware:esxi:4.1:2::::::
	cpe:2.3:o:vmware:esxi:4.0:3::::::
	cpe:2.3:o:vmware:esxi:5.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:vmware:esx:4.1:::::::*
	cpe:2.3:o:vmware:esx:4.0:::::::*

Information

Published : 2013-02-11 14:55

Updated : 2017-09-18 18:36

NVD link : CVE-2013-1406

Mitre link : CVE-2013-1406

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

microsoft

windows

vmware

workstation
view
fusion
esx
esxi

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vmware.com/security/advisories/VMSA-2013-0002.html", "name": "http://www.vmware.com/security/advisories/VMSA-2013-0002.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164", "name": "oval:org.mitre.oval:def:17164", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1406", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-02-11T22:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:fusion:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:view:4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:4.0.0:u2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:5.0.0:u2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:4.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:view:5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-19T01:36Z"}

7.2 /10