Privilege Escalation in VMware Products due to Virtual-8086 Mode Error
CVE-2009-2267

Currently unrated

Key Information:

Vendor
Vmware
Status
Vendor
CVE Published:
2 November 2009

Summary

VMware products, including Workstation, Player, ACE, and ESXi, are susceptible to a privilege escalation vulnerability when utilizing Virtual-8086 mode. This flaw occurs due to improper handling of page faults, allowing malicious users within the guest operating system to exploit crafted values for the cs register. By doing so, they can gain unauthorized privileges, compromising the security of the virtualized environment. Users are advised to update to the latest versions to mitigate this risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.