CVE-2012-1516
CRITICAL severity · CVSS 9.9 · Memory corruption
Summary
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 2%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.vmware.com/security/advisories/VMSA-2012-0009.html (Advisory)
- http://www.securityfocus.com/bid/53369 (Advisory)
- http://www.securitytracker.com/id?1027018 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75373
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16810