VMSA-2014-0003 : VMware vSphere Client updates address security vulnerabilities
High Nessus Plugin ID 73469
SynopsisThe remote VMware ESXi / ESX host is missing a security-related patch.
Descriptiona. vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.
VMware would like to thank Recurity Labs GmbH and the Bundesamt Sicherheit in der Informationstechnik (BSI) for reporting this issue to us
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1209 to this issue.
SolutionApply the missing patch.