Tools
CVE-2014-4200
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:C/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:C/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
AnalysisAI
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. Affected products include: Vmware Tools, Vmware Vm-Support, Vmware Workstation. Version information: through 10.0.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 t
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local
IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of se
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafte
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly hav
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly hav
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbi
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbi
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbi
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbi
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbi
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileg
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today