Unrated severityNVD Advisory· Published Apr 12, 2010· Updated Apr 29, 2026

CVE-2010-1138

Description

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

Affected products

VMware/Workstation5 versions
cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
VMware/Player5 versions
cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
VMware/Ace5 versions
cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*
VMware/Server3 versions
cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
VMware/Fusion8 versions
cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.vmware.com/pipermail/security-announce/2010/000090.htmlnvdPatchVendor Advisory
www.vmware.com/security/advisories/VMSA-2010-0007.htmlnvdPatchVendor Advisory
secunia.com/advisories/39203nvdVendor Advisory
secunia.com/advisories/39206nvdVendor Advisory
secunia.com/advisories/39215nvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2010-04/0077.htmlnvd
archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.htmlnvd
osvdb.org/63607nvd
security.gentoo.org/glsa/glsa-201209-25.xmlnvd
www.securityfocus.com/bid/39395nvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000