CVE-2009-1244

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Fusion; Workstation
Vendor: CVE Published:; 13 April 2009

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

vmware_exploit_pack_CVE-2009-1244
Created by piotrbania

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

https://exchange.xforce.ibmcloud.com/vulnerabilities/49834

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/34471

vdb-entryx_refsource_BID

Timeline

🟡
Public PoC available
Jun 11, 2019
👾
Exploit known to exist
Jun 11, 2019
Vulnerability published
Apr 13, 2009
Vulnerability Reserved
Apr 6, 2009