Vmware: >> Workstation Security Vulnerabilities
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
CVSS Score
7.2
EPSS Score
0.0
Published
2004-12-31
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
CVSS Score
4.6
EPSS Score
0.001
Published
2003-10-20
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
CVSS Score
7.2
EPSS Score
0.0
Published
2003-08-27
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
CVSS Score
3.7
EPSS Score
0.0
Published
2003-08-07
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
CVSS Score
3.6
EPSS Score
0.0
Published
2001-07-30
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
CVSS Score
3.6
EPSS Score
0.001
Published
2000-01-17
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
CVSS Score
7.2
EPSS Score
0.008
Published
1999-06-26
Page 22