VMware Workstation 9.x < 9.0.3 Multiple Privilege Escalation Vulnerabilities (VMSA-2013-0013 / VMSA-2013-0014)

High Nessus Plugin ID 71054


The remote host contains software with known, local privilege escalation vulnerabilities.


The installed version of VMware Workstation 9.x is prior to 9.0.3. It is, therefore, affected by multiple local privilege escalation vulnerabilities :

- An issue exists in the handling of shared libraries that could allow a local, malicious user to escalate privileges on Linux hosts. (CVE-2013-5972 / VMSA-2013-0013)

- An issue exists in the handling of the LGTOSYNC.SYS driver on Windows hosts that could allow a local, malicious user to escalate privileges on 32-bit Guest Operating Systems running Windows XP. Note that by exploiting this issue, a local attacker could elevate his privileges only on the Guest Operating System and not on the host. (CVE-2013-3519 / VMSA-2013-0014)


Update to VMware Workstation 9.0.3 or later.

See Also



Plugin Details

Severity: High

ID: 71054

File Name: vmware_workstation_linux_9_0_3.nasl

Version: $Revision: 1.7 $

Type: local

Family: General

Published: 2013/11/22

Modified: 2015/11/18

Dependencies: 71053

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:workstation

Required KB Items: Host/VMware Workstation/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/11/14

Vulnerability Publication Date: 2013/11/14

Reference Information

CVE: CVE-2013-5972, CVE-2013-3519

BID: 63739, 64075

OSVDB: 99788, 100514

VMSA: 2013-0013, 2013-0014