VMware Products Multiple Vulnerabilities (VMSA-2008-0014)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
multiple issues.

Description :

A VMware product installed on the remote host is affected by multiple
vulnerabilities :

- ActiveX controls provided by VMware for IE could be
exploited to cause a denial of service condition or
execute arbitrary code on the remote system.
(CVE-2007-5438, CVE-2008-3691-CVE-2008-3696,
CVE-2008-3892)

- Internet Server Application Programming Interface
(ISAPI) extensions provided by VMware are affected
by a remote denial of service vulnerability.
(CVE-2008-3697)

- Certain VMware products running as host systems are
affected by a local privilege escalation vulnerability.
Successful exploitation of this issue would allow
users to execute arbitrary code on the system.
(CVE-2008-3698)

- A flaw in VMware's CPU hardware emulation could result
in privilege escalation on guest systems running on
64-bit operating systems. (CVE-2008-4279)

See also :

http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
http://seclists.org/fulldisclosure/2008/Oct/51
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Solution :

Upgrade to :

- VMware Workstation 6.0.5/5.5.8 or higher.
- VMware Player 2.0.5/1.0.8 or higher.
- VMware Server 1.0.7 or higher.
- VMware ACE 2.0.5/1.0.7 or higher.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now