Vulnerability Description
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Player | 6.0.1_build_1379776 |
| Vmware | Workstation | 10.0.1_build_1379776 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Apr/163
- https://www.portcullis-security.com/security-research-and-downloads/security-adv
- http://seclists.org/fulldisclosure/2014/Apr/163
- https://www.portcullis-security.com/security-research-and-downloads/security-adv
FAQ
What is CVE-2014-2384?
CVE-2014-2384 is a vulnerability with a CVSS score of 4.9 (MEDIUM). vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via ...
How severe is CVE-2014-2384?
CVE-2014-2384 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2384?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Player, Vmware Workstation.