VMware Player Multiple Vulnerabilities (VMSA-2012-0009)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization application affected by multiple
vulnerabilities.

Description :

The VMware Player install detected on the remote host is a 3.x version
earlier than 3.1.6 or a 4.0.x version earlier than 4.0.3 and is
therefore potentially affected by the following vulnerabilities :

- Memory corruption errors related to the RPC commands
handler function exist that could cause the
application to crash or possibly allow an attacker to
execute arbitrary code. Note that these errors only
affect the 3.x branch. (CVE-2012-1516, CVE-2012-1517)

- An error in the virtual floppy device configuration
can allow out-of-bounds memory writes and can allow
a guest user to crash the VMX process or potentially
execute arbitrary code on the host. Note that root or
administrator level privileges in the guest are required
for successful exploitation along with the existence of
a virtual floppy device in the guest. (CVE-2012-2449)

- An error in the virtual SCSI device registration
process can allow improper memory writes and can allow
a guest user to crash the VMX process or potentially
execute arbitrary code on the host. Note that root or
administrator level privileges are required in the
guest for successful exploitation along with the
existence of a virtual SCSI device in the guest.
(CVE-2012-2450)

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0009.html
http://lists.vmware.com/pipermail/security-announce/2012/000176.html
http://www.nessus.org/u?acb1cf3a
http://www.nessus.org/u?258456c3

Solution :

Upgrade to VMware Player 3.1.6 / 4.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 59091

Bugtraq ID: 53369

CVE ID: CVE-2012-1516
CVE-2012-1517
CVE-2012-2449
CVE-2012-2450
