Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2515

Description

Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.

Affected products

VMware/Workstation2 versions
cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*
- (no CPE)range: =4.5.2 build-8848

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2004-11/1320.htmlnvdExploit
www.osvdb.org/12169nvd
www.securityfocus.com/bid/11737nvd
exchange.xforce.ibmcloud.com/vulnerabilities/18297nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000