Vulnerability Description
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | 4.5.2_build_8848 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1320.htmlExploit
- http://www.osvdb.org/12169
- http://www.securityfocus.com/bid/11737
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18297
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1320.htmlExploit
- http://www.osvdb.org/12169
- http://www.securityfocus.com/bid/11737
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18297
FAQ
What is CVE-2004-2515?
CVE-2004-2515 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line ...
How severe is CVE-2004-2515?
CVE-2004-2515 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2515?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation.