Memory Allocation Flaw in VMware Products Allowing Code Execution
CVE-2015-2337

Currently unrated

Key Information:

Vendor: Vmware
Status: Player; Workstation; Fusion
Vendor: CVE Published:; 13 June 2015

Summary

A memory allocation flaw exists in TPInt.dll of multiple VMware products, including Workstation, Player, and Horizon Client. This vulnerability permits users on a guest OS to potentially execute arbitrary code on the host operating system. The improper memory handling can be exploited through various unspecified vectors, leading to significant security risks if not mitigated. Regular updates and security patches are essential to safeguard systems against this issue.

References

http://www.securitytracker.com/id/1032529

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/75095

vdb-entryx_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2015-0004....

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 13, 2015
Vulnerability Reserved
Mar 18, 2015