CVE-2009-2267

EXPLOITED

VMware ESX <4.0 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2009-2267 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Tavis Ormandy & Julien Tinnes.

AI-analyzed exploit summary This is a vulnerability writeup for CVE-2009-2267, detailing affected VMWare products and versions. It does not contain exploit code but provides references to an external exploit archive.

Description

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tavis Ormandy & Julien Tinnes · textlocalmultiple

https://www.exploit-db.com/exploits/10207

View Code ZIP pw:eip

This is a vulnerability writeup for CVE-2009-2267, detailing affected VMWare products and versions. It does not contain exploit code but provides references to an external exploit archive.

Classification

Writeup 90%

Attack Type

Other

Complexity

N/a

Reliability

N/a

Target: VMWare Workstation, Server, Player, Fusion, ESXi, ESX, ACE (multiple versions)

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →