VMware Fusion 8.1.x < 8.1.1 Shared Folders (HGFS) Guest DLL Hijacking Arbitrary Code Execution (VMSA-2016-0010)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A virtualization application installed on the remote Mac OS X host is
affected by an arbitrary code execution vulnerability.

Description :

The version of VMware Fusion installed on the remote Mac OS X host is
8.1.x prior to 8.1.1. It is, therefore, affected by an arbitrary code
execution vulnerability in the Shared Folders (HGFS) feature due to
improper loading of dynamic-link library (DLL) files from insecure
paths, including the current working directory, which may not be under
user control. A remote attacker can exploit this vulnerability, by
placing a malicious DLL in the path or by convincing a user to open a
file on a network share, to inject and execute arbitrary code in the
context of the current user.

See also :

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

Solution :

Upgrade to VMware Fusion 8.1.1 or later.

Note that VMware Tools on Windows-based guests that use the Shared
Folders (HGFS) feature must also be updated to completely mitigate the
vulnerability.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 92943

Bugtraq ID: 92323

CVE ID: CVE-2016-5330
