VMware Fusion 4.x < 4.1.2 (VMSA-2012-0007)

High Nessus Plugin ID 58792


The remote host has a virtualization application affected by a local privilege escalation vulnerability.


The version of VMware Fusion 4.x installed on the Mac OS X host is earlier than 4.1.2. As such, it is reportedly affected by a local privilege escalation vulnerability because the access control list of the VMware Tools folder is incorrectly set.

By exploiting this issue, a local attacker could elevate his privileges on Windows-based Guest Operating Systems.


Upgrade to VMware Fusion 4.1.2 or later.

In addition to patching, VMware Tools must be updated on all Windows guest VMs in order to completely mitigate the vulnerability.

See Also



Plugin Details

Severity: High

ID: 58792

File Name: macosx_fusion_4_1_2.nasl

Version: $Revision: 1.7 $

Type: local

Agent: macosx

Published: 2012/04/19

Modified: 2016/05/20

Dependencies: 50828

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:fusion

Required KB Items: Host/local_checks_enabled, MacOSX/Fusion/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/04/12

Vulnerability Publication Date: 2012/04/12

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2012-1518

BID: 53006

OSVDB: 81163

VMSA: 2012-0007