CVE-2010-1139

high VMware
CVSS v3 Base Score
7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.1%
Exploitation probability in 30 days
Top 78% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: April 12, 2010 (5876 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

CWE

CWE-134

Affected Products

vmware workstationvmware playervmware servervmware fusionvmware vix api

References

🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 lists.vmware.com 🔗 osvdb.org 🔗 secunia.com