CVE-2009-3281

VMware Fusion < 2.0.6 - Privilege Escalation via Incorrect File Permissions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3281. PoCs published by mu-b.

AI-analyzed exploit summary This exploit targets a local kernel vulnerability in VMware Fusion's vmx86 kext (CVE-2009-3281) to achieve privilege escalation. It leverages an uninitialized driver state to execute shellcode that modifies kernel structures, granting root access.

Description

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · clocalosx

https://www.exploit-db.com/exploits/10076

View Code ZIP pw:eip

This exploit targets a local kernel vulnerability in VMware Fusion's vmx86 kext (CVE-2009-3281) to achieve privilege escalation. It leverages an uninitialized driver state to execute shellcode that modifies kernel structures, granting root access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: VMware Fusion <= 2.0.5

No auth needed

Prerequisites: VMware Fusion <= 2.0.5 installed · vmx86 kext loaded but uninitialized · Local access to the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory mailing-list x_refsource_mlist

http://lists.vmware.com/pipermail/security-announce/2009/000066.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2811

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2009-0013.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36928

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1022981

Scores

EPSS 0.0093

EPSS Percentile 56.0%

Details

CWE

CWE-264

Status published

Products (11)

vmware/fusion 1.0

vmware/fusion 1.1

vmware/fusion 1.1.1

vmware/fusion 1.1.2

vmware/fusion 1.1.3

vmware/fusion 2.0

vmware/fusion 2.0.1

vmware/fusion 2.0.2

vmware/fusion 2.0.3

vmware/fusion 2.0.4

... and 1 more

Published Oct 16, 2009

Tracked Since Feb 18, 2026