CVE-2014-4200

Description

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

How to fix CVE-2014-4200

To remediate CVE-2014-4200, upgrade the affected package to a fixed version below.

• Debian/open-vm-tools—upgrade to 2:9.4.6-1770165-1 or later

Is CVE-2014-4200 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2:9.4.6-1770165-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-4200