VMware Workstation 9.x < 9.0.3 Multiple Privilege Escalation Vulnerabilities (VMSA-2013-0013 / VMSA-2013-0014)
High Nessus Plugin ID 71054
SynopsisThe remote host contains software with known, local privilege escalation vulnerabilities.
DescriptionThe installed version of VMware Workstation 9.x is prior to 9.0.3. It is, therefore, affected by multiple local privilege escalation vulnerabilities :
- An issue exists in the handling of shared libraries that could allow a local, malicious user to escalate privileges on Linux hosts. (CVE-2013-5972 / VMSA-2013-0013)
- An issue exists in the handling of the LGTOSYNC.SYS driver on Windows hosts that could allow a local, malicious user to escalate privileges on 32-bit Guest Operating Systems running Windows XP. Note that by exploiting this issue, a local attacker could elevate his privileges only on the Guest Operating System and not on the host. (CVE-2013-3519 / VMSA-2013-0014)
SolutionUpdate to VMware Workstation 9.0.3 or later.