Privilege Escalation in VMware Products due to Virtual-8086 Mode Error
CVE-2009-2267

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Fusion; Server
Vendor: CVE Published:; 2 November 2009

Summary

VMware products, including Workstation, Player, ACE, and ESXi, are susceptible to a privilege escalation vulnerability when utilizing Virtual-8086 mode. This flaw occurs due to improper handling of page faults, allowing malicious users within the guest operating system to exploit crafted values for the cs register. By doing so, they can gain unauthorized privileges, compromising the security of the virtualized environment. Users are advised to update to the latest versions to mitigate this risk.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

http://www.vupen.com/english/advisories/2009/3062

vdb-entryx_refsource_VUPEN

http://lists.vmware.com/pipermail/security-announce/2009/...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 2, 2009
Vulnerability Reserved
Jul 1, 2009