Vulnerability Description
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | ESX | 3.5 |
| VMware | ESXi | 3.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/53369 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1027018 (Third Party Advisory, VDB Entry)
- http://www.vmware.com/security/advisories/VMSA-2012-0009.html (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75373 (VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Tool Signature)
FAQ
What is CVE-2012-1516?
CVE-2012-1516 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process cra...
How severe is CVE-2012-1516?
CVE-2012-1516 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-1516?
Check the references section above for vendor advisories and patch information. Affected products include: VMware ESX, VMware ESXi.