Improper RPC Command Handling in VMware ESXi and ESX Products
CVE-2012-1517

Currently unrated

Key Information:

Vendor: Vmware
Status: Esxi; Esx
Vendor: CVE Published:; 4 May 2012

Summary

The VMX process in VMware ESXi 4.1 and ESX 4.1 contains a vulnerability due to improper handling of RPC commands, which can be exploited by guest OS users. Attackers may leverage this vulnerability to perform a denial of service attack, causing a memory overwrite and crash of the process. Additionally, there is a potential for arbitrary code execution on the host OS, through manipulation of function pointers. This vulnerability highlights the need for vigilant patch management and security practices to mitigate related risks.

References

http://osvdb.org/81692

vdb-entryx_refsource_OSVDB

http://www.vmware.com/security/advisories/VMSA-2012-0009....

x_refsource_CONFIRM

http://www.securitytracker.com/id?1027018

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 4, 2012
Vulnerability Reserved
Mar 8, 2012