VMware Products Multiple Vulnerabilities (VMSA-2008-0014)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an application that is affected by
multiple issues.

Description :

A VMware product installed on the remote host is affected by multiple
vulnerabilities :

- ActiveX controls provided by VMware for IE could be
exploited to cause a denial of service condition or
execute arbitrary code on the remote system.
(CVE-2007-5438, CVE-2008-3691-CVE-2008-3696,

- Internet Server Application Programming Interface
(ISAPI) extensions provided by VMware are affected
by a remote denial of service vulnerability.

- Certain VMware products running as host systems are
affected by a local privilege escalation vulnerability.
Successful exploitation of this issue would allow
users to execute arbitrary code on the system.

- A flaw in VMware's CPU hardware emulation could result
in privilege escalation on guest systems running on
64-bit operating systems. (CVE-2008-4279)

See also :


Solution :

Upgrade to :

- VMware Workstation 6.0.5/5.5.8 or higher.
- VMware Player 2.0.5/1.0.8 or higher.
- VMware Server 1.0.7 or higher.
- VMware ACE 2.0.5/1.0.7 or higher.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now