Remote Code Execution Vulnerability in VMware Products
CVE-2009-1244

Currently unrated

Key Information:

Vendor
Vmware
Status
Ace
Player
Fusion
Workstation
Vendor
CVE Published:
13 April 2009

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An unspecified vulnerability exists in the virtual machine display function of various VMware products, enabling users of a guest operating system to execute arbitrary code on the host operating system. This issue affects multiple versions across VMware Workstation, Player, ACE, Server, Fusion, ESXi, and ESX, allowing potentially unauthorized access and exploitation through unknown vectors.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

vmware_exploit_pack_CVE-2009-1244
Created by piotrbania

References

http://security.gentoo.org/glsa/glsa-201209-25.xml
vendor-advisoryx_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/49834
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/34471
vdb-entryx_refsource_BID

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.