CVE-2012-1508: Null Pointer Dereference
First published: Fri Mar 16 2012(Updated: )
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESX | =4.0 | |
| VMware ESX | =4.1 | |
| VMware View | <=4.6.0 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.1 | |
| VMware ESXi | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html
- http://osvdb.org/80115
- http://secunia.com/advisories/48378
- http://secunia.com/advisories/48379
- http://www.securityfocus.com/bid/52524
- http://www.securitytracker.com/id?1026814
- http://www.securitytracker.com/id?1026818
- http://www.vmware.com/security/advisories/VMSA-2012-0004.html
- http://www.vmware.com/security/advisories/VMSA-2012-0005.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17183
Frequently Asked Questions
What is the severity of CVE-2012-1508?
CVE-2012-1508 is considered a moderate severity vulnerability that can lead to privilege escalation or denial of service.
How do I fix CVE-2012-1508?
To mitigate CVE-2012-1508, upgrade VMware ESXi to the latest version or apply the security patches provided by VMware.
Which VMware products are affected by CVE-2012-1508?
CVE-2012-1508 affects VMware ESXi versions 4.0, 4.1, and 5.0, as well as VMware ESX 4.0 and 4.1, and VMware View versions before 4.6.1.
Can CVE-2012-1508 be exploited remotely?
CVE-2012-1508 may be exploited by guest OS users to gain elevated privileges, posing a risk to the host.
What is the impact of CVE-2012-1508 on a virtual environment?
Exploitation of CVE-2012-1508 can allow a guest OS user to perform unauthorized actions or potentially crash the virtual machine.
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/4.0
- version/vmware esx/4.1
- canonical/vmware view
- version/vmware view/4.6.0
- canonical/vmware esxi
- version/vmware esxi/4.0
- version/vmware esxi/4.1
- version/vmware esxi/5.0