VMware Products Multiple Vulnerabilities (VMSA-2008-0008)
Medium Nessus Plugin ID 32503
SynopsisThe remote Windows host has an application that is affected by multiple issues.
DescriptionA VMware product installed on the remote host is affected by multiple vulnerabilities :
- A heap overflow vulnerability in VMware Host Guest File System (HGFS), could allow a guest to execute arbitrary code subject to the privileges of the user running 'vmx' process. In order to successfully exploit this issue a folder should be shared on the host system and sharing should be enabled, which is disabled by default.
- A vulnerability in Virtual Machine Communication Interface (VMCI), a 'experimental' feature designed for users building client-server applications, could allow a guest to execute arbitrary code subject to the privileges of the user running 'vmx' process. For successful exploitation of this issue VMCI feature should be enabled on the host. (CVE-2012-2099)
SolutionUpgrade to :
- VMware Workstation 6.0.4 or higher.
- VMware Player 2.0.4 or higher.
- VMware ACE 2.0.4 or higher.