VMware Products Privilege Escalation Vulnerability (VMSA-2009-0015)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization application affected by a
privilege escalation vulnerability.

Description :

A VMware product (Workstation, Player, ACE, or Server) detected on
the remote host has a privilege escalation vulnerability. Page
fault exceptions are not handled properly, which could allow a local
attacker to elevate privileges within the guest VM. This
vulnerability reportedly does not affect the host system.

See also :

http://www.vmware.com/security/advisories/VMSA-2009-0015
http://lists.vmware.com/pipermail/security-announce/2009/000069.html

Solution :

Upgrade to :

- VMware Workstation 6.5.3 or later.
- VMware Server 2.0.2 / 1.0.10 or later.
- VMware Player 2.5.3 or later.
- VMware ACE 2.5.3 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 42308 ()

Bugtraq ID: 36841

CVE ID: CVE-2009-2267

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now