CVE-2013-1406

high VMware
CVSS v3 Base Score
7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.7%
Exploitation probability in 30 days
Top 27% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: February 11, 2013 (4840 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

CWE

CWE-20

Affected Products

vmware workstationvmware fusionvmware viewvmware esxivmware esx

References

🔗 www.vmware.com 🔗 oval.cisecurity.org 🔗 www.vmware.com 🔗 oval.cisecurity.org