CVE-2013-3519

high VMware
CVSS v3 Base Score
7.9
AV:A/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
0.2%
Exploitation probability in 30 days
Top 62% most likely to be exploited
Attack Characteristics
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 4, 2013 (4544 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

CWE

CWE-264

Affected Products

vmware esxivmware workstationvmware esxvmware playervmware fusion

References

🔗 www.vmware.com 🔗 www.vmware.com