VMware Workstation / Player Multiple Vulnerabilities

Last Update Date: 14 Nov 2012
Release Date: 12 Nov 2012

RISK: Medium Risk

TYPE: Operating Systems - VM Ware

Multiple vulnerabilities have been identified in VMware Workstation and VMware Player, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

  1. An error due to insecure permissions being assigned to process threads when creating certain processes can be exploited to hijack the threads.
  2. The application loads certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
  3. The application bundles a vulnerable version of OVF Tool.

A remote user can create a specially crafted OVF file that, when loaded by the target user via the OVF Tool, will trigger a format string flaw and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
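
One way to watch for the insecure library loading in item 2 is to flag modules that the affected programs load from SMB or WebDAV paths. This is an added example, not part of the original advisory or VMware's code. The process names and the 'key=value|key=value' record format (modelled on the Image and ImageLoaded fields of Sysmon image-load events) are assumptions, and the sample records are constructed.

```python
import re

# Assumption: executable names of the affected products (not given in the advisory).
WATCHED = {"vmware.exe", "vmplayer.exe", "ovftool.exe"}

# \\host\share\... is SMB; \\host@SSL\DavWWWRoot\... or \\host@8080\... is WebDAV.
UNC_RE = re.compile(r"^\\\\(?P<host>[^\\@]+)(?P<dav>@[^\\]+)?\\(?P<share>[^\\]+)\\")

def parse_event(line):
    """Parse one 'key=value|key=value' record (hypothetical export format)."""
    return dict(f.split("=", 1) for f in line.strip().split("|") if "=" in f)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify_remote(path):
    """Return 'smb', 'webdav', or None for local and device-namespace paths."""
    m = UNC_RE.match(path)
    if not m or m.group("host") in ("?", "."):
        return None
    if m.group("dav") or m.group("share").lower() == "davwwwroot":
        return "webdav"
    return "smb"

def find_remote_loads(lines):
    """Return (process, kind, module path) for watched processes loading remote modules."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        proc = basename(ev.get("Image", ""))
        kind = classify_remote(ev.get("ImageLoaded", ""))
        if proc in WATCHED and kind:
            hits.append((proc, kind, ev["ImageLoaded"]))
    return hits

# Constructed sample records; hosts, paths and file names are placeholders.
SAMPLE = [
    r"Image=C:\VMware\vmware.exe|ImageLoaded=C:\Windows\System32\example0.dll",
    r"Image=C:\VMware\vmware.exe|ImageLoaded=\\files.example\projects\example1.dll",
    r"Image=C:\VMware\vmplayer.exe|ImageLoaded=\\dav.example@SSL\DavWWWRoot\vm\example2.dll",
    r"Image=C:\Windows\notepad.exe|ImageLoaded=\\files.example\projects\example3.dll",
    r"Image=C:\VMware\ovftool.exe|ImageLoaded=\\?\C:\VMware\example4.dll",
]

if __name__ == "__main__":
    for proc, kind, module in find_remote_loads(SAMPLE):
        print(f"ALERT {proc} loaded module from {kind} path: {module}")
```

Only the second and third sample records are flagged: the first and last are local loads, and the fourth comes from a process outside the watched set.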


Impact

  • Elevation of Privilege
  • Remote Code Execution

System / Technologies affected

  • VMware Player 4.x
  • VMware Workstation 8.x
  • OVF Tool 2.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to Workstation 8.0.5, Player 4.0.5, OVF Tool 3.0.1

Vulnerability Identifier


Source


Related Link