CVE-2013-3519

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

Published: 2013-12-04 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-3519 is rated Moderate Risk (45.4/100): CVSS High severity, with low exploitation likelihood (EPSS 0.17%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2013-3519

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-06-15 0.09% 0.17% +0.08%
2 2025-03-30 0.20% 0.09% -0.12%
3 2025-03-29 0.20%

Full EPSS history (5 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-3519

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.9 2.0 HIGH
AV:A/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:A)
Requires access to an adjacent network segment.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 5.5 10.0 [email protected]

Weakness enumeration for CVE-2013-3519

Affected software / configurations for CVE-2013-3519

Vendor Product Version Raw CPE
vmware esxi 4.0 cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
vmware esxi 4.1 cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
vmware esxi 5.0 cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
vmware esxi 5.1 cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*
vmware workstation 9.0 cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*
vmware workstation 9.0.1 cpe:2.3:a:vmware:workstation:9.0.1:*:*:*:*:*:*:*
vmware workstation 9.0.2 cpe:2.3:a:vmware:workstation:9.0.2:*:*:*:*:*:*:*
vmware esx 4.0 cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
vmware esx 4.1 cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
vmware player 5.0 cpe:2.3:a:vmware:player:5.0:*:*:*:*:*:*:*
vmware player 5.0.1 cpe:2.3:a:vmware:player:5.0.1:*:*:*:*:*:*:*
vmware player 5.0.2 cpe:2.3:a:vmware:player:5.0.2:*:*:*:*:*:*:*
vmware fusion 5.0 cpe:2.3:a:vmware:fusion:5.0:*:*:*:*:*:*:*
vmware fusion 5.0.1 cpe:2.3:a:vmware:fusion:5.0.1:*:*:*:*:*:*:*
vmware fusion 5.0.2 cpe:2.3:a:vmware:fusion:5.0.2:*:*:*:*:*:*:*
vmware fusion 5.0.3 cpe:2.3:a:vmware:fusion:5.0.3:*:*:*:*:*:*:*

References for CVE-2013-3519

cvelogic Threat Intelligence