CVE-2013-1406

CVE Database · CVE-2013-1406

CVE-2013-1406

· N/AModified

CVSS v3.1

N/A

EPSS

0.97%

Published

Feb 11, 2013

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBVMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

Weaknesses (CWE)

CWE-20

Affected Products (41)

vmware · workstationvulnerable

microsoft · windows

vmware · fusionvulnerable

vmware · fusion

References (4)

http://www.vmware.com/security/advisories/VMSA-2013-0002.html

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164

http://www.vmware.com/security/advisories/VMSA-2013-0002.html

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164

KEV Catalog EPSS Scores Vendors All CVEs