VMware Player 12.1.x < 12.1.1 Shared Folders (HGFS) Guest DLL Hijacking Arbitrary Code Execution (VMSA-2016-0010)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A virtualization application installed on the remote host is affected
by an arbitrary code execution vulnerability.

Description :

The version of VMware Player installed on the remote host is 12.1.x
prior to 12.1.1. It is, therefore, affected by an arbitrary code
execution vulnerability in the Shared Folders (HGFS) feature due to
improper loading of Dynamic-link library (DLL) files from insecure
paths, including the current working directory, which may not be under
user control. A remote attacker can exploit this vulnerability, by
placing a malicious DLL in the path or by convincing a user into
opening a file on a network share, to inject and execute arbitrary
code in the context of the current user.

See also :

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

Solution :

Upgrade to VMware Player 12.1.1 or later.

Note that VMware Tools on Windows-based guests that use the Shared
Folders (HGFS) feature must also be updated to completely mitigate the
vulnerability.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 92945 ()

Bugtraq ID: 92323

CVE ID: CVE-2016-5330

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now