Description
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41574
Various Sources mailing-list
x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2491
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024481
Scores
EPSS
0.0010
EPSS Percentile
26.6%
Details
CWE
CWE-264
Status
published
Products (8)
vmware/player
3.0
vmware/player
3.0.1
vmware/player
3.1
vmware/player
3.1.1
vmware/workstation
7.0
vmware/workstation
7.0.1
vmware/workstation
7.1
vmware/workstation
7.1.1
Published
Sep 28, 2010
Tracked Since
Feb 18, 2026