CVE-2012-2450
First published: Fri May 04 2012(Updated: )
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation | =8.0 | |
| VMware Workstation | =8.0.1 | |
| VMware Workstation | =8.0.2 | |
| VMware Player | =4.0 | |
| VMware Player | =4.0.1 | |
| VMware Player | =4.0.2 | |
| VMware Fusion Pro | =4.0 | |
| VMware Fusion Pro | =4.0.1 | |
| VMware Fusion Pro | =4.0.2 | |
| VMware Fusion Pro | =4.1 | |
| VMware Fusion Pro | =4.1.1 | |
| VMware ESXi | =3.5 | |
| VMware ESXi | =3.5-1 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.0-1 | |
| VMware ESXi | =4.0-2 | |
| VMware ESXi | =4.0-3 | |
| VMware ESXi | =4.0-4 | |
| VMware ESXi | =4.1 | |
| VMware ESXi | =4.1-1 | |
| VMware ESXi | =4.1-2 | |
| VMware ESXi | =5.0 | |
| VMware ESX | =3.5 | |
| VMware ESX | =3.5-update1 | |
| VMware ESX | =3.5-update2 | |
| VMware ESX | =3.5-update3 | |
| VMware ESX | =4.0 | |
| VMware ESX | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/81695
- http://secunia.com/advisories/49032
- http://www.securityfocus.com/bid/53369
- http://www.securitytracker.com/id?1027019
- http://www.vmware.com/security/advisories/VMSA-2012-0009.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16852
Frequently Asked Questions
What is the severity of CVE-2012-2450?
The severity of CVE-2012-2450 is classified as high due to its potential to cause a denial of service.
How do I fix CVE-2012-2450?
To fix CVE-2012-2450, you need to upgrade to the patched versions VMware Workstation 8.0.3, VMware Player 4.0.3, VMware Fusion 4.1.2, or later.
What systems are affected by CVE-2012-2450?
CVE-2012-2450 affects VMware Workstation 8.x, VMware Player 4.x, VMware Fusion 4.x, and VMware ESXi and ESX versions from 3.5 to 5.0.
What type of vulnerability is CVE-2012-2450?
CVE-2012-2450 is a denial of service vulnerability that arises from improper registration of SCSI devices.
Can CVE-2012-2450 be exploited remotely?
CVE-2012-2450 can be exploited by guest OS users, which may require local access to the affected virtual machines.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware workstation
- version/vmware workstation/8.0
- version/vmware workstation/8.0.1
- version/vmware workstation/8.0.2
- canonical/vmware player
- version/vmware player/4.0
- version/vmware player/4.0.1
- version/vmware player/4.0.2
- canonical/vmware fusion pro
- version/vmware fusion pro/4.0
- version/vmware fusion pro/4.0.1
- version/vmware fusion pro/4.0.2
- version/vmware fusion pro/4.1
- version/vmware fusion pro/4.1.1
- canonical/vmware esxi
- version/vmware esxi/3.5
- version/vmware esxi/3.5-1
- version/vmware esxi/4.0
- version/vmware esxi/4.0-1
- version/vmware esxi/4.0-2
- version/vmware esxi/4.0-3
- version/vmware esxi/4.0-4
- version/vmware esxi/4.1
- version/vmware esxi/4.1-1
- version/vmware esxi/4.1-2
- version/vmware esxi/5.0
- canonical/vmware esx
- version/vmware esx/3.5
- version/vmware esx/3.5-update1
- version/vmware esx/3.5-update2
- version/vmware esx/3.5-update3
- version/vmware esx/4.0
- version/vmware esx/4.1