Unrated severityNVD Advisory· Published Jun 6, 2011· Updated Apr 29, 2026

CVE-2011-1787

Description

Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.

Affected products

VMware/Workstation3 versions
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*
VMware/Player4 versions
cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:3.1.3:*:*:*:*:*:*:*
VMware/Fusion3 versions
cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*
VMware/Esx4 versions
cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
VMware/Esxi3 versions
cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vmware.com/security/advisories/VMSA-2011-0009.htmlnvdPatchVendor Advisory
secunia.com/advisories/44840nvd
secunia.com/advisories/44904nvd
www.securityfocus.com/bid/48098nvd
www.securitytracker.com/idnvd
hermes.opensuse.org/messages/8711677nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000