Vulnerability CVE-2009-1805


Published: 2009-06-01   Modified: 2012-02-13

Description:
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:H/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
6.9/10
1.9/10
Exploit range
Attack complexity
Authentication
Local
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Vmware -> ACE 
Vmware -> ESX 
Vmware -> ESXI 
Vmware -> Fusion 
Vmware -> Player 
Vmware -> Server 
Vmware -> Workstation 

 References:
http://www.securityfocus.com/archive/1/503912/100/0/threaded
http://www.securityfocus.com/bid/35141
http://www.securitytracker.com/id?1022300
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
http://www.vupen.com/english/advisories/2009/1452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130

Copyright 2021, cxsecurity.com

 

Back to Top