Rapid7 Vulnerability & Exploit Database

VMware Fusion: VMware SCSI device unchecked memory write (VMSA-2012-0009) (CVE-2012-2450)

Back to Search

VMware Fusion: VMware SCSI device unchecked memory write (VMSA-2012-0009) (CVE-2012-2450)

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
05/04/2012
Created
07/25/2018
Added
02/18/2014
Modified
05/09/2019

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

Solution(s)

  • vmware-fusion-upgrade-4_1_2

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;