Detections
Analytics
VMware Player Multiple Vulnerabilities (VMSA-2012-0011)
high Nessus Plugin ID 59729
Language:
Synopsis
The remote host has a virtualization application that is affected by multiple vulnerabilities.Description
The VMware Player install detected on the remote host is 3.x earlier than 3.1.6, or 4.0.x, earlier than 4.0.4 and is, therefore, potentially affected by the following vulnerabilities :- A memory corruption error exists related to the handling of 'Checkpoint' files that can allow arbitrary code execution. (CVE-2012-3288)
- An error exists related to handling traffic from remote physical devices, e.g. CD-ROM or mouse that can cause the virtual machine to crash. Note that this issue affects only the 4.x branch. (CVE-2012-3289)
Solution
Upgrade to VMware Player 3.1.6 / 4.0.4 or later.See Also
http://www.vmware.com/security/advisories/VMSA-2012-0011.html
https://www.vmware.com/support/player40/doc/releasenotes_player404.html
https://www.vmware.com/support/player31/doc/releasenotes_player316.html
Plugin Details
Severity: High
ID: 59729
File Name: vmware_player_multiple_vmsa_2012_0011.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 6/27/2012
Updated: 12/4/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-3288
Vulnerability Information
CPE: cpe:/a:vmware:player
Required KB Items: SMB/Registry/Enumerated, VMware/Player/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 6/14/2012
Vulnerability Publication Date: 6/14/2012
Reference Information
CVE: CVE-2012-3288, CVE-2012-3289
BID: 53996
VMSA: 2012-0011