CVE-2015-2336

VMware Workstation, Player, and Horizon Client - Remote Code Execution in TPView.dll

Title source: llm

Description

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032529

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/75095

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2015-0004.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032530

Scores

EPSS 0.0009

EPSS Percentile 25.7%

Details

CWE

CWE-399

Status published

Products (28)

vmware/fusion 6.0

vmware/fusion 6.0.1

vmware/fusion 6.0.2

vmware/fusion 6.0.3

vmware/fusion 6.0.4

vmware/fusion 6.0.5

vmware/fusion 7.0

vmware/fusion 7.0.1

vmware/horizon_client 3.2.0

vmware/horizon_client 3.3

... and 18 more

Published Jun 13, 2015

Tracked Since Feb 18, 2026