CVE-2012-3289: Code Injection
First published: Thu Jun 14 2012(Updated: )
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation and ESXi | =8.0 | |
| VMware Workstation and ESXi | =8.0.1 | |
| VMware Workstation and ESXi | =8.0.2 | |
| VMware Workstation and ESXi | =8.0.3 | |
| VMware Player | =4.0 | |
| VMware Player | =4.0.1 | |
| VMware Player | =4.0.2 | |
| VMware Player | =4.0.3 | |
| VMware ESXi | =3.5 | |
| VMware ESXi | =3.5-update1 | |
| VMware ESXi | =3.5-update2 | |
| VMware ESXi | =3.5-update3 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.1 | |
| VMware ESXi and Horizon DaaS | =3.5 | |
| VMware ESXi and Horizon DaaS | =3.5-1 | |
| VMware ESXi and Horizon DaaS | =4.0 | |
| VMware ESXi and Horizon DaaS | =4.0-1 | |
| VMware ESXi and Horizon DaaS | =4.0-2 | |
| VMware ESXi and Horizon DaaS | =4.0-3 | |
| VMware ESXi and Horizon DaaS | =4.0-4 | |
| VMware ESXi and Horizon DaaS | =4.1 | |
| VMware ESXi and Horizon DaaS | =4.1-1 | |
| VMware ESXi and Horizon DaaS | =4.1-2 | |
| VMware ESXi and Horizon DaaS | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-3289?
CVE-2012-3289 is rated as a high severity vulnerability due to its potential to cause a denial of service by crashing the guest operating system.
How do I fix CVE-2012-3289?
To fix CVE-2012-3289, update VMware Workstation to version 8.0.4 or higher, VMware Player to version 4.0.4 or higher, or ensure your VMware ESXi or ESX systems are patched to versions above 5.0.
What software is affected by CVE-2012-3289?
CVE-2012-3289 affects VMware Workstation 8.x prior to 8.0.4, VMware Player 4.x prior to 4.0.4, and various versions of VMware ESXi and ESX from 3.5 to 5.0.
How can CVE-2012-3289 be exploited?
CVE-2012-3289 can be exploited remotely by sending crafted traffic from a remote virtual device, leading to a crash of the guest operating system.
Is there a workaround for CVE-2012-3289?
A workaround for CVE-2012-3289 may include restricting access to the network interfaces utilized by the affected VMware products until a patch is applied.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/8.0
- version/vmware workstation and esxi/8.0.1
- version/vmware workstation and esxi/8.0.2
- version/vmware workstation and esxi/8.0.3
- canonical/vmware player
- version/vmware player/4.0
- version/vmware player/4.0.1
- version/vmware player/4.0.2
- version/vmware player/4.0.3
- canonical/vmware esxi
- version/vmware esxi/3.5
- version/vmware esxi/3.5-update1
- version/vmware esxi/3.5-update2
- version/vmware esxi/3.5-update3
- version/vmware esxi/4.0
- version/vmware esxi/4.1
- canonical/vmware esxi and horizon daas
- version/vmware esxi and horizon daas/3.5
- version/vmware esxi and horizon daas/3.5-1
- version/vmware esxi and horizon daas/4.0
- version/vmware esxi and horizon daas/4.0-1
- version/vmware esxi and horizon daas/4.0-2
- version/vmware esxi and horizon daas/4.0-3
- version/vmware esxi and horizon daas/4.0-4
- version/vmware esxi and horizon daas/4.1
- version/vmware esxi and horizon daas/4.1-1
- version/vmware esxi and horizon daas/4.1-2
- version/vmware esxi and horizon daas/5.0