VMware Products Multiple Vulnerabilities (VMSA-2008-0014)

NASLDB: VMware Products Multiple Vulnerabilities (VMSA-2008-0014)

General

ID: 34156
Name: VMware Products Multiple Vulnerabilities (VMSA-2008-0014)

Summary: Checks versions of multiple VMware products

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

A VMware product installed on the remote host is affected by multiple
vulnerabilities :

– ActiveX controls provided by VMware for IE could be
exploited to cause a denial of service condition or
execute arbitrary code on the remote system.
(CVE-2007-5438, CVE-2008-3691-CVE-2008-3696,
CVE-2008-3892)

– Internet Server Application Programming Interface
(ISAPI) extensions provided by VMware are affected
by a remote denial of service vulnerability.
(CVE-2008-3697)

– Certain VMware products running as host systems are
affected by a local privilege escalation vulnerability.
Successful exploitation of this issue would allow
users to execute arbitrary code on the system.
(CVE-2008-3698)

– A flaw in VMWare’s CPU hardware emulation could result
in privilege escalation on guest systems running on
64-bit operating systems. (CVE-2008-4279)

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2007-5438
OSVDB: –
Bugtraq: 26025
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2008/09/10

Plugin

Version: 1.15
Filename: vmware_multiple_vmsa_2008_0014.nasl
Filesize: 6711 bytes
MD5 Hash: 8fceef05327db1b3fde0b38ced8243a7

Identification: VMware/Workstation/Version
Require Keys: –
Dependencies: "vmware_workstation_detect.nasl","vmware_server_win_detect.nasl", "vmware_player_detect.nasl","vmware_ace_detect.nasl"

Letzte Plugins

Letzte Plugins

scip AG