VMware View Multiple Vulnerabilities (VMSA-2012-0004)
Severity: High
Nessus Plugin ID: 63684
Synopsis
The remote host has a virtual desktop solution that is potentially affected by multiple vulnerabilities.
Description
The version of the VMware View (formerly VMware Virtual Desktop Infrastructure) components (Agent or Server) on the remote host is 4.x prior to 4.6.1. It is, therefore, potentially affected by the following vulnerabilities:
- A buffer overflow vulnerability exists in the XPDM and WDDM display drivers, and a NULL pointer dereference exists in the WDDM display driver. These could allow local attackers to elevate privileges and potentially execute arbitrary code. (CVE-2012-1508, CVE-2012-1509, CVE-2012-1510)
- A cross-site scripting vulnerability exists because input passed via the View Manager Portal is not properly validated. A remote attacker could exploit this vulnerability by creating a specially crafted URL, which could result in execution of arbitrary script code. (CVE-2012-1511)
Solution
Upgrade to VMware View Server 4.6.1 / VMware View Agent 4.6.1 or later.