CVE-2015-2336 - Vulnerability Details

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Vmware	Fusion Horizon Client Horizon View Client Player Workstation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:fusion:6.0:::::::*
	cpe:2.3:a:vmware:fusion:6.0.1:::::::*
	cpe:2.3:a:vmware:fusion:6.0.2:::::::*
	cpe:2.3:a:vmware:fusion:6.0.3:::::::*
	cpe:2.3:a:vmware:fusion:6.0.4:::::::*
	cpe:2.3:a:vmware:fusion:6.0.5:::::::*
	cpe:2.3:a:vmware:fusion:7.0:::::::*
	cpe:2.3:a:vmware:fusion:7.0.1:::::::*
	cpe:2.3:a:vmware:player:6.0:::::::*
	cpe:2.3:a:vmware:player:6.0.1:::::::*
	cpe:2.3:a:vmware:player:6.0.2:::::::*
	cpe:2.3:a:vmware:player:6.0.3:::::::*
	cpe:2.3:a:vmware:player:6.0.4:::::::*
	cpe:2.3:a:vmware:player:6.0.5:::::::*
	cpe:2.3:a:vmware:player:7.0:::::::*
	cpe:2.3:a:vmware:player:7.1:::::::*
	cpe:2.3:a:vmware:workstation:10.0:::::::*
	cpe:2.3:a:vmware:workstation:10.0.1:::::::*
	cpe:2.3:a:vmware:workstation:10.0.2:::::::*
	cpe:2.3:a:vmware:workstation:10.0.3:::::::*
	cpe:2.3:a:vmware:workstation:10.0.4:::::::*
	cpe:2.3:a:vmware:workstation:10.0.5:::::::*
	cpe:2.3:a:vmware:workstation:11.0:::::::*
	cpe:2.3:a:vmware:workstation:11.1:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:vmware:horizon_client:3.2.0:::::::*
	cpe:2.3:a:vmware:horizon_client:3.3:::::::*
	cpe:2.3:a:vmware:horizon_view_client:5.4:::::::*
	cpe:2.3:a:vmware:horizon_view_client:5.4.1:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/75095
http://www.securitytracker.com/id/1032529
http://www.securitytracker.com/id/1032530
http://www.vmware.com/security/advisories/VMSA-2015-0004.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-06-13T14:00:00

Updated: 2024-08-06T05:10:15.942Z

Reserved: 2015-03-18T00:00:00

Link: CVE-2015-2336

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-06-13T14:59:00.077

Modified: 2024-11-21T02:27:14.680

Link: CVE-2015-2336

Redhat

No data.

Metrics

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object