CVE-2014-4199

Description

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

How to fix CVE-2014-4199

To remediate CVE-2014-4199, upgrade the affected package to a fixed version below.

• Debian/open-vm-tools—upgrade to 2:9.4.6-1770165-7 or later

Is CVE-2014-4199 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2:9.4.6-1770165-7

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-4199