VMSA-2016-0014 : VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi host is missing a security-related patch.

Description :

a. VMware Workstation heap-based buffer overflow vulnerabilities via
Cortado ThinPrint

VMware Workstation contains vulnerabilities that may allow a
Windows-based Virtual
Machine (VM) to trigger a heap-based buffer overflow. Exploitation of
these issues may lead
to arbitrary code execution in VMware Workstation running on Windows.

Exploitation is only possible if virtual printing has been enabled in
VMware Workstation.
This feature is not enabled by default. VMware Knowledge Base article

See also :

http://lists.vmware.com/pipermail/security-announce/2016/000345.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 93512 ()

Bugtraq ID:

CVE ID: CVE-2016-7079
CVE-2016-7080
CVE-2016-7081
CVE-2016-7082
CVE-2016-7083
CVE-2016-7084
CVE-2016-7085
CVE-2016-7086

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now