Description
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108673
Scores
CVSS v3
7.1
EPSS
0.0012
EPSS Percentile
30.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (1)
vmware/tools
10.0.0 - 10.3.10
Published
Jun 06, 2019
Tracked Since
Feb 18, 2026