CVE-2012-1666

VMware Tools <8.0.4-4.0.4-4.1.2-5.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1666. PoCs published by Moshe Zioni.

AI-analyzed exploit summary This exploit demonstrates a DLL hijacking vulnerability in ThinPrint, allowing local attackers to execute arbitrary code (e.g., calc.exe) with the privileges of the user running the affected application. The PoC uses a malicious DllMain function to trigger the payload upon DLL load.

Description

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moshe Zioni · clocalwindows

https://www.exploit-db.com/exploits/37780

View Code ZIP pw:eip

This exploit demonstrates a DLL hijacking vulnerability in ThinPrint, allowing local attackers to execute arbitrary code (e.g., calc.exe) with the privileges of the user running the affected application. The PoC uses a malicious DllMain function to trigger the payload upon DLL load.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: ThinPrint (version not specified)

No auth needed

Prerequisites: Local access to the system · Ability to place a malicious DLL in a directory searched by ThinPrint

MITRE ATT&CK

T1574.001 - DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html

Vendor Advisory x_refsource_confirm

https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity

Scores

EPSS 0.0078

EPSS Percentile 51.1%

Details

Status published

Products (20)

vmware/esx 4.1

vmware/esx 5.0

vmware/fusion 4.0

vmware/fusion 4.0.1

vmware/fusion 4.0.2

vmware/fusion 4.1

vmware/fusion < 4.1.1

vmware/player 4.0

vmware/player 4.0.0.18997

vmware/player 4.0.1

... and 10 more

Published Sep 08, 2012

Tracked Since Feb 18, 2026