How to Buy
This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote host has a virtualization application that is affected by
The version of VMware Fusion 4.x installed on the Mac OS X host is
earlier than 4.1.3, and is therefore reportedly affected by the
following vulnerabilities :
- Due to a flaw in the virtual floppy configuration it is
possible to perform an out-of-bounds memory write. This
vulnerability may allow a guest user to crash the VMX
process or potentially execute code on the host. As a
workaround, remove the virtual floppy drive from the
list of virtual IO devices. The VMware hardening guides
recommend removing unused virtual IO devices in general.
Additionally, do not allow untrusted root users in your
virtual machines. Root or Administrator level
permissions are required to exploit this issue.
- A memory corruption error exists related to the
handling of 'Checkpoint' files that can allow arbitrary
code execution. (CVE-2012-3288)
See also :
Upgrade to VMware Fusion 4.1.3 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 59818 ()
Bugtraq ID: 53996
CVE ID: CVE-2012-2449CVE-2012-3288
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.