CVE-2012-4897

Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory.

Published: Oct 5, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4897
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / movie_decoder	7.0	7.0.x
vmware / movie_decoder	6.5.5	6.5.5.x
vmware / movie_decoder	6.5.4	6.5.4.x
vmware / movie_decoder	6.5.3	6.5.3.x
vmware / movie_decoder	6.5.2	6.5.2.x
vmware / movie_decoder	-	7.1.2.x

http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html
http://osvdb.org/85957
http://www.securityfocus.com/bid/55802
http://www.vmware.com/security/advisories/VMSA-2012-0014.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79046

Vulnerability Database

289,697

CVE-2012-4897