ID

VAR-201404-0334


CVE

CVE-2014-2384


TITLE

Denial-of-service (DoS) vulnerability in vmx86.sys in VMware Workstation and VMware Player running on Windows

Trust: 0.8

sources: JVNDB: JVNDB-2014-002139

DESCRIPTION

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."

VMware Player is free software that allows PC users to easily run virtual machines on Windows or Linux PCs. VMware Workstation is a popular virtual machine application.

The vulnerability allows a local attacker to cause a blue screen, causing the system to crash. Local attackers with access to a guest operating system can exploit this issue to crash the host operating system, effectively denying service to legitimate users.

The Blue Screen is triggered because the vulnerable function doesn't check if a pointer to a memory page is valid or not, thus causing a memory access violation by trying to read from an unallocated memory page. Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/

Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Trust: 2.7

sources: NVD: CVE-2014-2384 // JVNDB: JVNDB-2014-002139 // CNVD: CNVD-2014-02126 // BID: 66784 // IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d // PACKETSTORM: 126135

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02126

AFFECTED PRODUCTS

vendor: vmware | model: workstation | scope: eq | version: 10.0.1_build_1379776

Trust: 1.6

vendor: vmware | model: player | scope: eq | version: 6.0.1_build_1379776

Trust: 1.6

vendor: vmware | model: player | scope: eq | version: 6.0.1 build 1379776

Trust: 0.8

vendor: vmware | model: workstation | scope: eq | version: 10.0.1 build 1379776

Trust: 0.8

vendor: vmware | model: workstation build-1379776 | scope: eq | version: 10.0.1

Trust: 0.6

vendor: vmware | model: player build-1379776 | scope: eq | version: 6.0.1

Trust: 0.6

vendor: player | model: 6.0.1 build 1379776 | scope: - | version: -

Trust: 0.2

vendor: workstation | model: 10.0.1 build 1379776 | scope: - | version: -

Trust: 0.2

sources: IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02126 // JVNDB: JVNDB-2014-002139 // CNNVD: CNNVD-201404-224 // NVD: CVE-2014-2384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2384
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2384
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02126
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-224
value: MEDIUM

Trust: 0.6

IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2014-2384
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02126
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02126 // JVNDB: JVNDB-2014-002139 // CNNVD: CNNVD-201404-224 // NVD: CVE-2014-2384

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2014-002139 // NVD: CVE-2014-2384

THREAT TYPE

local

Trust: 0.9

sources: BID: 66784 // CNNVD: CNNVD-201404-224

TYPE

Resource management error

Trust: 0.8

sources: IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002139

PATCH

title: Top Page | url: http://www.vmware.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2014-002139

EXTERNAL IDS

db: NVD | id: CVE-2014-2384

Trust: 3.6

db: CNVD | id: CNVD-2014-02126

Trust: 0.8

db: CNNVD | id: CNNVD-201404-224

Trust: 0.8

db: JVNDB | id: JVNDB-2014-002139

Trust: 0.8

db: OSVDB | id: 105193

Trust: 0.6

db: FULLDISC | id: 20140411 CVE-2014-2384 - INVALID POINTER DEREFERENCE IN VMWARE WORKSTATION AND PLAYER

Trust: 0.6

db: NSFOCUS | id: 26505

Trust: 0.6

db: BID | id: 66784

Trust: 0.3

db: IVD | id: A2D83B08-1EE0-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM | id: 126135

Trust: 0.1

sources: IVD: a2d83b08-1ee0-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02126 // BID: 66784 // JVNDB: JVNDB-2014-002139 // PACKETSTORM: 126135 // CNNVD: CNNVD-201404-224 // NVD: CVE-2014-2384

REFERENCES

url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/

Trust: 2.5

url:http://seclists.org/fulldisclosure/2014/apr/163

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2384

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2384

Trust: 0.8

url:http://osvdb.com/show/osvdb/105193

Trust: 0.6

url:http://www.nsfocus.net/vulndb/26505

Trust: 0.6

url:http://www.vmware.com

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-2384

Trust: 0.1

sources: CNVD: CNVD-2014-02126 // BID: 66784 // JVNDB: JVNDB-2014-002139 // PACKETSTORM: 126135 // CNNVD: CNNVD-201404-224 // NVD: CVE-2014-2384

CREDITS

Kyriakos Economou

Trust: 0.4

sources: BID: 66784 // PACKETSTORM: 126135

SOURCES

db: IVD | id: a2d83b08-1ee0-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2014-02126
db: BID | id: 66784
db: JVNDB | id: JVNDB-2014-002139
db: PACKETSTORM | id: 126135
db: CNNVD | id: CNNVD-201404-224
db: NVD | id: CVE-2014-2384

LAST UPDATE DATE

2024-11-23T22:42:37.952000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2014-02126 | date: 2014-04-04T00:00:00
db: BID | id: 66784 | date: 2014-04-11T00:00:00
db: JVNDB | id: JVNDB-2014-002139 | date: 2014-04-18T00:00:00
db: CNNVD | id: CNNVD-201404-224 | date: 2014-04-17T00:00:00
db: NVD | id: CVE-2014-2384 | date: 2024-11-21T02:06:11.310

SOURCES RELEASE DATE

db: IVD | id: a2d83b08-1ee0-11e6-abef-000c29c66e3d | date: 2014-04-04T00:00:00
db: CNVD | id: CNVD-2014-02126 | date: 2014-04-04T00:00:00
db: BID | id: 66784 | date: 2014-04-11T00:00:00
db: JVNDB | id: JVNDB-2014-002139 | date: 2014-04-18T00:00:00
db: PACKETSTORM | id: 126135 | date: 2014-04-12T03:50:36
db: CNNVD | id: CNNVD-201404-224 | date: 2014-04-17T00:00:00
db: NVD | id: CVE-2014-2384 | date: 2014-04-15T23:13:15.697