This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote VMware ESX host is missing a security-related patch.
The remote VMware ESX host is missing a security-related patch. It is,
therefore, affected by multiple vulnerabilities :
- A format string flaw exists in the VMware Remote Console
that allows a remote attacker to execute arbitrary code.
- A flaw exists in VMware Tools due to improper access to
libraries. A remote attacker can exploit this to execute
arbitrary code by convincing a Windows guest OS user
into clicking on a file that is stored on a network
- A flaw exists in VMware Tools due to improper loading of
VMware programs. An attacker with access to a Windows
guest OS can escalate privileges by placing a Trojan
horse program at an unspecified location on the guest OS
See also :
Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 3.5 / 4.0.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true