This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote VMware ESXi / ESX host is missing a security-related patch.
a. VMware LGTOSYNC privilege escalation.
VMware ESX, Workstation and Fusion contain a vulnerability
in the handling of control code in lgtosync.sys. A local
malicious user may exploit this vulnerability to manipulate the
memory allocation. This could result in a privilege
escalation on 32-bit Guest Operating Systems running Windows 2000
Server, Windows XP or Windows 2003 Server on ESXi and ESX
Windows XP on Workstation and Fusion.
The vulnerability does not allow for privilege escalation
from the Guest Operating System to the host. This means
that host memory can not be manipulated from the Guest
VMware would like to thank Derek Soeder of Cylance, Inc. for
reporting this issue to us.
The Common Vulnerabilityies and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-3519 to this issue.
See also :
Apply the missing patch.
Risk factor :
High / CVSS Base Score : 7.9
CVSS Temporal Score : 6.9
Public Exploit Available : false