CVE-2010-1142

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.

Published: 2010-04-12 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-1142 is rated Moderate Risk (61.6/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.11%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-1142

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-17 0.34% 1.11% +0.76%
2 2023-03-07 1.28% 0.34% -0.94%
3 2022-02-04 1.28%

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-1142

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.5 2.0 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 6.8 10.0 [email protected]

Weakness enumeration for CVE-2010-1142

OS Trackers for CVE-2010-1142

vendor priority summary link
gentoo high CVE-2010-1142: 1 GLSA(s) (201209-25), 3 atom(s) (app-emulation/vmware-player, app-emulation/vmware-server, app-emulation/vmware-workstation); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-1142

Affected software / configurations for CVE-2010-1142

Vendor Product Version Raw CPE
vmware workstation 6.5.0 cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
vmware workstation 6.5.1 cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
vmware workstation 6.5.2 cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
vmware workstation 6.5.3 cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
vmware player 2.5 cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
vmware player 2.5.1 cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
vmware player 2.5.2 cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
vmware player 2.5.3 cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
vmware ace 2.5.0 cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
vmware ace 2.5.1 cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
vmware ace 2.5.2 cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
vmware ace 2.5.3 cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*
vmware server 2.0.0 cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
vmware server 2.0.1 cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
vmware server 2.0.2 cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
vmware fusion 2.0 cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
vmware fusion 2.0.1 cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
vmware fusion 2.0.2 cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
vmware fusion 2.0.3 cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
vmware fusion 2.0.4 cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
vmware fusion 2.0.5 cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
vmware fusion 3.0 cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*
vmware esxi 3.5 cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
vmware esxi 4.0 cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
vmware esx 2.5.5 cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*
vmware esx 3.0.3 cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*
vmware esx 3.5 cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
vmware esx 4.0 cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*

References for CVE-2010-1142

cvelogic Threat Intelligence