VMware Player Multiple Vulnerabilities (VMSA-2012-0011)

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization application that is affected
by multiple vulnerabilities.

Description :

The VMware Player install detected on the remote host is 3.x earlier
than 3.1.6, or 4.0.x, earlier than 4.0.4 and is, therefore, potentially
affected by the following vulnerabilities :

- A memory corruption error exists related to the
handling of 'Checkpoint' files that can allow arbitrary
code execution. (CVE-2012-3288)

- An error exists related to handling traffic from
remote physical devices, e.g. CD-ROM or mouse that
can cause the virtual machine to crash. Note that this
issue affects only the 4.x branch. (CVE-2012-3289)

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0011.html
http://www.vmware.com/support/player40/doc/releasenotes_player404.html
http://www.vmware.com/support/player31/doc/releasenotes_player316.html

Solution :

Upgrade to VMware Player 3.1.6 / 4.0.4 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 59729 ()

Bugtraq ID: 53996

CVE ID: CVE-2012-3288
CVE-2012-3289

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now