VMware View Multiple Vulnerabilities (VMSA-2012-0004)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote host has a virtual desktop solution that is potentially
affected by multiple vulnerabilities.

Description :

The VMware View (formerly VMware Virtual Desktop Infrastructure)
component (Agent or Server) on the remote host is version 4.x prior
to 4.6.1. It is, therefore, potentially affected by the following
vulnerabilities :

- A buffer overflow vulnerability exists in the XPDM and
  WDDM display drivers, and a NULL pointer dereference
  exists in the WDDM display driver. These could allow
  local attackers to elevate privileges and potentially
  execute arbitrary code. (CVE-2012-1508, CVE-2012-1509,
  CVE-2012-1510)

- A cross-site scripting vulnerability exists because input
  passed via the View Manager Portal is not properly
  validated. A remote attacker could exploit this
  vulnerability by creating a specially crafted URL, which
  could result in execution of arbitrary script code.
  (CVE-2012-1511)

See also :


Solution :

Upgrade to VMware View Server 4.6.1 / VMware View Agent 4.6.1 or

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 63684

Bugtraq ID: 52524

CVE ID: CVE-2012-1508
