VMware Products Multiple Vulnerabilities (VMSA-2008-0014)

High Nessus Plugin ID 34156


The remote Windows host has an application that is affected by multiple issues.


A VMware product installed on the remote host is affected by multiple vulnerabilities :

- ActiveX controls provided by VMware for IE could be exploited to cause a denial of service condition or execute arbitrary code on the remote system.
(CVE-2007-5438, CVE-2008-3691-CVE-2008-3696, CVE-2008-3892)

- Internet Server Application Programming Interface (ISAPI) extensions provided by VMware are affected by a remote denial of service vulnerability.

- Certain VMware products running as host systems are affected by a local privilege escalation vulnerability.
Successful exploitation of this issue would allow users to execute arbitrary code on the system.

- A flaw in VMware's CPU hardware emulation could result in privilege escalation on guest systems running on 64-bit operating systems. (CVE-2008-4279)


Upgrade to :

- VMware Workstation 6.0.5/5.5.8 or higher.
- VMware Player 2.0.5/1.0.8 or higher.
- VMware Server 1.0.7 or higher.
- VMware ACE 2.0.5/1.0.7 or higher.

See Also





Plugin Details

Severity: High

ID: 34156

File Name: vmware_multiple_vmsa_2008_0014.nasl

Version: $Revision: 1.21 $

Type: local

Agent: windows

Family: Windows

Published: 2008/09/10

Modified: 2016/11/29

Dependencies: 31728, 26200, 26201, 31727

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:ace, cpe:/a:vmware:vmware_player, cpe:/a:vmware:vmware_server, cpe:/a:vmware:vmware_workstation

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5438, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-3892, CVE-2008-4279

BID: 26025, 30934, 30935, 30936, 31569

OSVDB: 43488, 48246, 48247, 48248, 48249, 48250, 48251, 48252, 48253, 48435, 49090

VMSA: 2008-0014

Secunia: 31310, 31707, 31708, 31709

CWE: 20, 119, 264