This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote host has a virtual desktop solution that is potentially
affected by multiple vulnerabilities.
The VMware View, formerly VMware Virtual Desktop Infrastructure
components (Agent or Server), on the remote host is 4.x prior to
4.6.1. It is, therefore, potentially affected by the following
- A buffer overflow vulnerability exists in the XPDM and
WDDM display drivers and a NULL pointer dereference in
WDDM display driver that could allow local attackers to
elevate privileges and potentially execute arbitrary
code. (CVE-2012-1508, CVE-2012-1509, CVE-2012-1510)
- A cross-site scripting vulnerability exists where input
passed via view manager portal is not properly validated.
A remote attacker could exploit this vulnerability by
creating a specially crafted URL, which could result in
execution of arbitrary script code. (CVE-2012-1511)
See also :
Upgrade to VMware View Server 4.6.1 / VMware View Agent 4.6.1 or
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false