CVE-2010-1140 - OpenCVE

The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Workstation Player
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch Vendor Advisory
http://secunia.com/advisories/39206	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1023834
http://www.securityfocus.com/bid/39397
http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-04-12T18:00:00

Updated: 2010-04-22T09:00:00

Reserved: 2010-03-29T00:00:00

Link: CVE-2010-1140

JSON object: View

NVD Information

Status : Modified

Published: 2010-04-12T18:30:00.633

Modified: 2013-05-15T03:07:56.270

Link: CVE-2010-1140

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-22T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201209-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"name": "39206", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39206"}, {"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"}, {"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"}, {"name": "39397", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39397"}, {"name": "1023834", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023834"}, {"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1140", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201209-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"name": "39206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39206"}, {"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"}, {"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"}, {"name": "39397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39397"}, {"name": "1023834", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023834"}, {"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1140", "datePublished": "2010-04-12T18:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2010-04-22T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk."}, {"lang": "es", "value": "El servicio USB en VMware Workstation v7.0 anterior v7.0.1 build 227600 y VMware Player v3.0 anterior v3.0.1 build 227600 en Windows puede permitir a los usuarios del sistema operativo anfitri\u00f3n obtener privilegios y localizar un toryano en una localizaci\u00f3n no especificada en el disco del SO anfitri\u00f3n."}], "id": "CVE-2010-1140", "lastModified": "2013-05-15T03:07:56.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-12T18:30:00.633", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39206"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023834"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/39397"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}