CVE-2005-2939 - Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local

CVE-2005-2939

Summary

Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

References

http://securitytracker.com/id?1015225
http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities
http://www.securityfocus.com/bid/15448

Vulnerable Configurations

cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 05-09-2008 - 20:53)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	15448
idefense	20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability
sectrack	1015225

Last major update

05-09-2008 - 20:53

Published

18-11-2005 - 06:03

Last modified

05-09-2008 - 20:53