VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by multiple
vulnerabilities.

Description :

A VMware product installed on the remote host is affected by multiple
vulnerabilities :

- A CPU hardware emulation flaw in certain VMware
products could allow a virtual CPU to incorrectly
handle a Trap flag. Successful exploitation of this
issue could lead to privilege escalation on the guest
operating system. An attacker would need an account on
the guest operating system and the ability to run
applications to exploit this issue. (CVE-2008-4915)

- By sending a malicious request from the guest operating
system to the virtual hardware, it may be possible to
cause the virtual hardware to write to an uncontrolled
section in the physical memory. (CVE-2008-4917)

See also :

http://www.vmware.com/security/advisories/VMSA-2008-0018.html
http://www.vmware.com/security/advisories/VMSA-2008-0019.html

Solution :

Upgrade to :

- VMware Workstation 6.5.0/5.5.9 or higher.
- VMware Player 2.5.0/1.0.9 or higher.
- VMware Server 1.0.8 or higher.
- VMware ACE 2.5.0/1.0.8 or higher.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34818 ()

Bugtraq ID: 32168
32597

CVE ID: CVE-2008-4915
CVE-2008-4917

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now