CVE-2010-3277 - OpenCVE

The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Workstation Player

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workstation:7.0:::::::*
	cpe:2.3:a:vmware:workstation:7.0.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:vmware:player:3.0:::::::*
	cpe:2.3:a:vmware:player:3.0.1:::::::*
	cpe:2.3:a:vmware:player:3.1:::::::*
	cpe:2.3:a:vmware:player:3.1.1:::::::*

References

Link	Resource
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/41574	Vendor Advisory
http://securitytracker.com/id?1024481
http://www.vmware.com/security/advisories/VMSA-2010-0014.html	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2491	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:20:57

Updated: 2022-10-03T16:20:57

Reserved: 2022-10-03T00:00:00

Link: CVE-2010-3277

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-09-28T18:00:03.293

Modified: 2010-09-29T04:00:00.000

Link: CVE-2010-3277

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:20:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "41574", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "ADV-2010-2491", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"name": "1024481", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024481"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3277", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"name": "1024481", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024481"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3277", "datePublished": "2022-10-03T16:20:57", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:20:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file."}, {"lang": "es", "value": "El instalador en VMware Workstation v7.x anterior v7.1.2 build 301548 y VMware Player v3.x anterior v3.1.2 build 301548 lanza un fichero index.htm si se presenta en el directorio de instalaci\u00f3n, lo que puede permitir a usuarios locales provocar una interpretaci\u00f3n no prevista de c\u00f3digo web o HTML por la creaci\u00f3n de dicho archivo. \r\n\r\n"}], "id": "CVE-2010-3277", "lastModified": "2010-09-29T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-28T18:00:03.293", "references": [{"source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41574"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1024481"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2491"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}