CVE-2011-1126 | Vulnerability Database | Aqua Security

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.

Affected Software

Name	Vendor	Start Version	End Version
Vix_api	Vmware	1.0 (including)	1.0 (including)
Vix_api	Vmware	1.1 (including)	1.1 (including)
Vix_api	Vmware	1.1.1 (including)	1.1.1 (including)
Vix_api	Vmware	1.1.2 (including)	1.1.2 (including)
Vix_api	Vmware	1.1.3 (including)	1.1.3 (including)
Vix_api	Vmware	1.1.4 (including)	1.1.4 (including)
Vix_api	Vmware	1.1.5 (including)	1.1.5 (including)
Vix_api	Vmware	1.6.0 (including)	1.6.0 (including)
Vix_api	Vmware	1.6.1 (including)	1.6.1 (including)
Vix_api	Vmware	1.7 (including)	1.7 (including)
Vix_api	Vmware	1.8 (including)	1.8 (including)
Vix_api	Vmware	1.8.1 (including)	1.8.1 (including)
Vix_api	Vmware	1.9 (including)	1.9 (including)

References

http://lists.vmware.com/pipermail/security-announce/2011/000131.html
http://secunia.com/advisories/43885
http://secunia.com/advisories/43943
http://securityreason.com/securityalert/8173
http://securitytracker.com/id?1025270
http://www.securityfocus.com/archive/1/517240/100/0/threaded
http://www.securityfocus.com/bid/47094
http://www.vmware.com/security/advisories/VMSA-2011-0006.html
http://www.vupen.com/english/advisories/2011/0816
https://exchange.xforce.ibmcloud.com/vulnerabilities/66472

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1126
CWE	https://cwe.mitre.org/data/definitions/264.html