CVE-2014-1209
VMware vSphere Client 4.0-5.1 - Remote Code Execution via Unvalidated Update
Title source: llmDescription
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2014-0003.html
Scores
EPSS
0.0413
EPSS Percentile
88.8%
Details
CWE
CWE-20
Status
published
Products (4)
vmware/vsphere_client
4.0
vmware/vsphere_client
4.1
vmware/vsphere_client
5.0
vmware/vsphere_client
5.1
Published
Apr 11, 2014
Tracked Since
Feb 18, 2026