VMware Player 5.x < 5.0.3 LGTOSYNC.SYS Guest Privilege Escalation (VMSA-2013-0014)
Medium Nessus Plugin ID 71231
SynopsisThe remote host contains software with a known, local privilege escalation vulnerability.
DescriptionThe installed version of VMware Player 5.x running on Windows is earlier than 5.0.3. It therefore reportedly contains a vulnerability in its handling in the LGTOSYNC.SYS driver. This issue could allow a local, malicious user to escalate privileges on 32-bit Guest Operating Systems running Windows XP.
Note that by exploiting this issue, a local attacker could elevate his privileges only on the Guest OS and not on the host.
SolutionUpdate to VMware Player 5.0.3 or later.