This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote host has a virtualization application installed that is
affected by multiple vulnerabilities.
The version of VMware Player installed on the remote Windows host is
6.x prior to 6.0.6. It is, therefore, affected by multiple
- An arbitrary code execution vulnerability exists due to
a stack-based buffer overflow condition in the JPEG2000
plugin that is triggered when parsing a Quantization
Default (QCD) marker segment in a JPEG2000 (JP2) image
file. A remote attacker can exploit this, using a
specially crafted image, to execute arbitrary code or
cause a denial of service condition. (CVE-2012-0897)
- Multiple unspecified remote code execution
vulnerabilities exists in 'TPView.dll' and 'TPInt.dll'
library files. (CVE-2015-2336, CVE-2015-2337)
- The 'TPview.dll' and 'TPInt.dll' library files fail to
properly handle memory allocation. A remote attacker can
exploit this to cause a denial of service.
(CVE-2015-2338, CVE-2015-2339, CVE-2015-2340)
- A denial of service vulnerability exists due to improper
validation of user-supplied input to a remote procedure
call (RPC) command. An unauthenticated, remote attacker
can exploit this, via a crafted command, to crash the
host or guest operating systems. (CVE-2015-2341)
See also :
Upgrade to VMware Player version 6.0.6 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true
Nessus Plugin ID: 84219 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now