OSVDB ID: 12169

Title: VMware Workstation Format String Arbitrary Local Code Execution

Info

Disclosure
Nov 29, 2004

Discovery
Unknown

Dates

Exploit
Nov 29, 2004

Solution
Unknown

Description

 VMware Workstation contains a flaw that may allow a malicious user to do privilege escalation. The issue is triggered when VMware is installed with suid and format specifier characters are passed using the command line. It is possible that the flaw may facilitate privilege escalation resulting in a loss of confidentiality.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Unknown

Solution

 Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

VMware, Inc.

VMware Workstation

 4.5.2 Build 8848

References

Credit
  • RedTeam Pentesting - RedTeam Pentesting


Direct URL: http://osvdb.org/36218