VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open-vm-tools | Ubuntu | devel | * |
Open-vm-tools | Ubuntu | focal | * |
Open-vm-tools | Ubuntu | jammy | * |
Open-vm-tools | Ubuntu | noble | * |
Open-vm-tools | Ubuntu | oracular | * |
Open-vm-tools | Ubuntu | plucky | * |