CVE-2013-1406

Vmware Workstation - Improper Input Validation

Title source: rule

Description

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by Artem Shishkin · clocalmultiple

https://www.exploit-db.com/exploits/40164

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2013-0002.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164

Scores

EPSS 0.0074

EPSS Percentile 73.1%

Details

CWE

CWE-20

Status published

Products (29)

vmware/esx 4.0

vmware/esx 4.1

vmware/esxi 4.0 (5 CPE variants)

vmware/esxi 4.1 (3 CPE variants)

vmware/esxi 5.0 (3 CPE variants)

vmware/esxi 5.1

vmware/fusion 4.1

vmware/fusion 4.1.1

vmware/fusion 4.1.2

vmware/fusion 4.1.3

... and 19 more

Published Feb 11, 2013

Tracked Since Feb 18, 2026