VMware Workstation Multiple Vulnerabilities (VMSA-2012-0009)

NASLDB: VMware Workstation Multiple Vulnerabilities (VMSA-2012-0009)

General

ID: 59092
Name: VMware Workstation Multiple Vulnerabilities (VMSA-2012-0009)

Summary: Checks VMware Workstation version

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

The VMware Workstation install detected on the remote host is 7.x
earlier than 7.1.6 or 8.0.x earlier than 8.0.3 and is, therefore,
potentially affected by the following vulnerabilities :

– Memory corruption errors exist related to the
RPC commands handler function which could cause the
application to crash or possibly allow an attacker to
execute arbitrary code. Note that these errors only
affect the 3.x branch. (CVE-2012-1516, CVE-2012-1517)

– An error in the virtual floppy device configuration
can allow out-of-bounds memory writes and can allow
a guest user to crash the VMX process or potentially
execute arbitrary code on the host. Note that root or
administrator level privileges in the guest are required
for successful exploitation along with the existence of
a virtual floppy device in the guest. (CVE-2012-2449)

– An error in the virtual SCSI device registration
process can allow improper memory writes and can allow
a guest user to crash the VMX process or potentially
execute arbitrary code on the host. Note that root or
administrator level privileges are required in the
guest for successful exploitation along with the
existence of a virtual SCSI device in the guest.
(CVE-2012-2450)