VMware Products Multiple Vulnerabilities (VMSA-2008-0008)

Medium Nessus Plugin ID 32503


The remote Windows host has an application that is affected by multiple issues.


A VMware product installed on the remote host is affected by multiple vulnerabilities :

- A heap overflow vulnerability in VMware Host Guest File System (HGFS), could allow a guest to execute arbitrary code subject to the privileges of the user running 'vmx' process. In order to successfully exploit this issue a folder should be shared on the host system and sharing should be enabled, which is disabled by default.

- A vulnerability in Virtual Machine Communication Interface (VMCI), a 'experimental' feature designed for users building client-server applications, could allow a guest to execute arbitrary code subject to the privileges of the user running 'vmx' process. For successful exploitation of this issue VMCI feature should be enabled on the host. (CVE-2012-2099)


Upgrade to :

- VMware Workstation 6.0.4 or higher.
- VMware Player 2.0.4 or higher.
- VMware ACE 2.0.4 or higher.

See Also





Plugin Details

Severity: Medium

ID: 32503

File Name: vmware_multiple_vmsa_2008_0008.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2008/06/03

Modified: 2015/01/29

Dependencies: 26201, 31727, 31728

Risk Information

Risk Factor: Medium


Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:ace, cpe:/a:vmware:vmware_player, cpe:/a:vmware:vmware_workstation

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-2098, CVE-2008-2099

BID: 29443, 29444

OSVDB: 45890, 45891

VMSA: 2008-0008

CWE: 119