VulDB: Vmware Workstation/Player/Fusion/ESXi/ESX denial of service [CVE-2012-3289]
General
scipID: 5564
Affected: Vmware Workstation/Player/Fusion/ESXi/ESX
Published: 06/14/2012 (Thorsten Tüllmann)
Risk: 
problematic
Entry: 83.6% complete
Created: 06/22/2012
Updated: 09/03/2012
Summary
A vulnerability, which was classified as problematic, has been found in Vmware Workstation, Player, Fusion, ESXi and ESX. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability. Impacted is availability.
The weakness was shared 06/14/2012 by Thorsten Tüllmann as VMSA-2012-0011 as advisory (vmware.com). The advisory is shared for download at vmware.com. This vulnerability is handled as CVE-2012-3289 since 06/07/2012. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available.
Upgrading eliminates this vulnerability. The upgrade is hosted for download at vmware.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82980) and Secunia (SA49430).CVSS
Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Denial of service
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: vmware.com
Timeline
06/07/2012 | CVE assigned
06/14/2012 | Advisory disclosed
06/14/2012 | Countermeasure disclosed
06/16/2012 | OSVDB entry created
06/22/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: VMSA-2012-0011
Researcher: Thorsten Tüllmann
OSVDB: 82980
CVE: CVE-2012-3289 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49430
- Latest Entries
- Google Chrome Web Audio Handler buffer overflow [CVE-2013-2845]
- Google Chrome Style Resolution Handler buffer overflow [CVE-2013-2844]
- Google Chrome Speech Handler buffer overflow [CVE-2013-2843]
- Google Chrome Widget Handler buffer overflow [CVE-2013-2842]
- Google Chrome Pepper Resource Handler buffer overflow [CVE-2013-2841]
- Statistics
- Archive
