This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote VMware ESXi / ESX host is missing a security-related patch.
a. vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated
vSphere Client file from an untrusted source. The vulnerability may
allow a host to direct vSphere Client to download and execute an
arbitrary file from any URI. This issue can be exploited if
the host has been compromised or if a user has been tricked
into clicking a malicious link.
VMware would like to thank Recurity Labs GmbH and the Bundesamt
in der Informationstechnik (BSI) for reporting this issue to us
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2014-1209 to this issue.
See also :
Apply the missing patch.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true