Vulnerability Details CVE-2012-1516
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 9.0
References
- http://www.securityfocus.com/bid/53369
- http://www.securitytracker.com/id?1027018
- http://www.vmware.com/security/advisories/VMSA-2012-0009.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75373
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16810
- http://www.securityfocus.com/bid/53369
- http://www.securitytracker.com/id?1027018
- http://www.vmware.com/security/advisories/VMSA-2012-0009.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75373
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16810
Products affected by CVE-2012-1516
-
cpe:2.3:o:vmware:esx:3.5
-
cpe:2.3:o:vmware:esx:4.0
-
cpe:2.3:o:vmware:esx:4.1
-
cpe:2.3:o:vmware:esxi:3.5
-
cpe:2.3:o:vmware:esxi:4.0
-
cpe:2.3:o:vmware:esxi:4.1