VulDB: Vmware Workstation/Player/Fusion/ESXi/ESX File buffer overflow
General
scipID: 5563
Affected: Vmware Workstation/Player/Fusion/ESXi/ESX
Published: 06/14/2012 (Thorsten Tüllmann)
Risk: 
critical
Entry: 89.5% complete
Created: 06/21/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical was found in Vmware Workstation, Player, Fusion, ESXi and ESX. Affected by this vulnerability is an unknown function. The manipulation as part of a File leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was presented 06/14/2012 by Thorsten Tüllmann as VMSA-2012-0011 as advisory (vmware.com). The advisory is shared for download at vmware.com. This vulnerability is known as CVE-2012-3288 since 06/07/2012. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 59730 (VMware Workstation Multiple Vulnerabilities (VMSA-2012-0011)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context local.
Upgrading eliminates this vulnerability. The upgrade is hosted for download at vmware.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82979), Secunia (SA49430) and SecurityFocus (BID 53996).CVSS
Base Score: 7.4 (CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: Yes
Remote: No
Availability: No
Nessus ID: 59730
Nessus Name: VMware Workstation Multiple Vulnerabilities (VMSA-2012-0011)
Nessus Family: Windows
Nessus Context: local
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: vmware.com
Timeline
06/07/2012 | CVE assigned
06/14/2012 | Advisory disclosed
06/14/2012 | Countermeasure disclosed
06/16/2012 | OSVDB entry created
06/21/2012 | VulDB entry created
06/27/2012 | Nessus plugin released
09/03/2012 | VulDB entry updated
Sources
Advisory: VMSA-2012-0011
Researcher: Thorsten Tüllmann
OSVDB: 82979
CVE: CVE-2012-3288 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49430
SecurityFocus: 53996
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
