Symlink Attack Vulnerability in VMware Tools Affects VMware Workstation
CVE-2014-4199

Currently unrated

Key Information:

Vendor: Vmware
Status: Vm-support; Workstation; Tools
Vendor: CVE Published:; 28 August 2014

Summary

The vulnerability in VMware Tools version 0.88, included with VMware Workstation up to version 10.0.3, allows local users to manipulate symlinks in the /tmp directory. This exploit can enable unauthorized access to modify or write arbitrary files, which may lead to further security breaches or compromise of sensitive data. Organizations using affected versions should apply appropriate security measures to mitigate this risk.

References

http://seclists.org/fulldisclosure/2014/Aug/71

mailing-listx_refsource_FULLDISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/95493

vdb-entryx_refsource_XF

http://www.osvdb.org/110458

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Aug 28, 2014
Vulnerability Reserved
Jun 17, 2014