Vulnerabilities > CVE-2012-1666 - Unspecified vulnerability in VMWare products

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
vmware
nessus
exploit available
NVD
Published: 2012-09-08
Updated: 2012-09-10

Summary

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

Vulnerable Configurations

Part Description Count
Application
Vmware
117
OS
Vmware
2

Exploit-Db

descriptionThinPrint 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution Vulnerability. CVE-2012-1666. Local exploit for windows platform
idEDB-ID:37780
last seen2016-02-04
modified2012-09-04
published2012-09-04
reporterMoshe Zioni
sourcehttps://www.exploit-db.com/download/37780/
titleThinPrint 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution Vulnerability

Nessus

NASL familyVMware ESX Local Security Checks
NASL idVMWARE_VMSA-2012-0012.NASL
descriptiona. ESXi update to third-party component libxml2 The libxml2 third-party library has been updated which addresses multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to these issues.
last seen2020-06-01
modified2020-06-02
plugin id59966
published2012-07-13
reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/59966
titleVMSA-2012-0012 : VMware ESXi update to third-party library

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/116257/vmwaretools-dllhijack.txt
idPACKETSTORM:116257
last seen2016-12-05
published2012-09-05
reporterMoshe Zioni
sourcehttps://packetstormsecurity.com/files/116257/VMWare-Tools-Binary-Planting.html
titleVMWare Tools Binary Planting

References