VMware Products Multiple Vulnerabilities (VMSA-2008-0014)
High Nessus Plugin ID 34156
SynopsisThe remote Windows host has an application that is affected by multiple issues.
DescriptionA VMware product installed on the remote host is affected by multiple vulnerabilities :
- ActiveX controls provided by VMware for IE could be exploited to cause a denial of service condition or execute arbitrary code on the remote system.
(CVE-2007-5438, CVE-2008-3691-CVE-2008-3696, CVE-2008-3892)
- Internet Server Application Programming Interface (ISAPI) extensions provided by VMware are affected by a remote denial of service vulnerability.
- Certain VMware products running as host systems are affected by a local privilege escalation vulnerability.
Successful exploitation of this issue would allow users to execute arbitrary code on the system.
- A flaw in VMware's CPU hardware emulation could result in privilege escalation on guest systems running on 64-bit operating systems. (CVE-2008-4279)
SolutionUpgrade to :
- VMware Workstation 6.0.5/5.5.8 or higher.
- VMware Player 2.0.5/1.0.8 or higher.
- VMware Server 1.0.7 or higher.
- VMware ACE 2.0.5/1.0.7 or higher.