VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019)
Medium Nessus Plugin ID 34818
SynopsisThe remote Windows host has an application that is affected by multiple vulnerabilities.
DescriptionA VMware product installed on the remote host is affected by multiple vulnerabilities :
- A CPU hardware emulation flaw in certain VMware products could allow a virtual CPU to incorrectly handle a Trap flag. Successful exploitation of this issue could lead to privilege escalation on the guest operating system. An attacker would need an account on the guest operating system and the ability to run applications to exploit this issue. (CVE-2008-4915)
- By sending a malicious request from the guest operating system to the virtual hardware, it may be possible to cause the virtual hardware to write to an uncontrolled section in the physical memory. (CVE-2008-4917)
SolutionUpgrade to :
- VMware Workstation 6.5.0/5.5.9 or higher.
- VMware Player 2.5.0/1.0.9 or higher.
- VMware Server 1.0.8 or higher.
- VMware ACE 2.5.0/1.0.8 or higher.