CVE-2012-1666
First published: Sat Sep 08 2012(Updated: )
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation and ESXi | <=8.0.3 | |
| VMware Workstation and ESXi | =8.0 | |
| VMware Workstation and ESXi | =8.0.0.18997 | |
| VMware Workstation and ESXi | =8.0.1 | |
| VMware Workstation and ESXi | =8.0.1.27038 | |
| VMware Workstation and ESXi | =8.0.2 | |
| VMware Player | <=4.0.3 | |
| VMware Player | =4.0 | |
| VMware Player | =4.0.0.18997 | |
| VMware Player | =4.0.1 | |
| VMware Player | =4.0.2 | |
| VMware Fusion Pro | <=4.1.1 | |
| VMware Fusion Pro | =4.0 | |
| VMware Fusion Pro | =4.0.1 | |
| VMware Fusion Pro | =4.0.2 | |
| VMware Fusion Pro | =4.1 | |
| VMware Horizon View | <=5.0 | |
| VMware Horizon View | =4.6.0 | |
| VMware ESXi | =4.1 | |
| VMware ESXi | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1666?
CVE-2012-1666 has a CVSS base score that indicates it is a high-severity vulnerability.
How do I fix CVE-2012-1666?
To fix CVE-2012-1666, update VMware Workstation, Player, Fusion, View, or ESX to the latest versions as specified by VMware.
Who is affected by CVE-2012-1666?
Users of VMware Workstation versions prior to 8.0.4, VMware Player versions prior to 4.0.4, and other specified VMware products are affected by CVE-2012-1666.
What type of vulnerability is CVE-2012-1666?
CVE-2012-1666 is classified as an untrusted search path vulnerability.
Can CVE-2012-1666 be exploited remotely?
CVE-2012-1666 requires local access, so it cannot be exploited remotely.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/8.0.3
- version/vmware workstation and esxi/8.0
- version/vmware workstation and esxi/8.0.0.18997
- version/vmware workstation and esxi/8.0.1
- version/vmware workstation and esxi/8.0.1.27038
- version/vmware workstation and esxi/8.0.2
- canonical/vmware player
- version/vmware player/4.0.3
- version/vmware player/4.0
- version/vmware player/4.0.0.18997
- version/vmware player/4.0.1
- version/vmware player/4.0.2
- canonical/vmware fusion pro
- version/vmware fusion pro/4.1.1
- version/vmware fusion pro/4.0
- version/vmware fusion pro/4.0.1
- version/vmware fusion pro/4.0.2
- version/vmware fusion pro/4.1
- canonical/vmware horizon view
- version/vmware horizon view/5.0
- version/vmware horizon view/4.6.0
- canonical/vmware esxi
- version/vmware esxi/4.1
- version/vmware esxi/5.0