Heap-based Buffer Overflow in VMware Products
CVE-2005-4459

Currently unrated

Key Information:

Vendor: Vmware
Status: Gsx Server; Ace; Workstation; Player
Vendor: CVE Published:; 21 December 2005

Summary

A heap-based buffer overflow exists in the NAT networking components of VMware products, including VMware Workstation, GSX Server, ACE, and Player. This vulnerability allows remote authenticated attackers, including guests on the virtual machines, to execute arbitrary code. Exploitation occurs through specially crafted EPRT and PORT FTP commands, leading to potential unauthorized access and control of affected systems.

References

http://secunia.com/advisories/18344

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/282

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2005/3013

vdb-entryx_refsource_VUPEN

EPSS Score

63% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 21, 2005
Vulnerability Reserved
Dec 21, 2005