VMware ESX / ESXi vSphere Client RCE (VMSA-2014-0003)
High Nessus Plugin ID 87675
SynopsisThe remote VMware ESX / ESXi host is missing a security-related patch.
DescriptionThe remote VMware ESX / ESXi host is affected by a remote code execution vulnerability in the vSphere Client versions 4.0 / 4.1 due to improper validation of updates to client files. An unauthenticated, remote attacker can exploit this, via a malicious link, to download and execute arbitrary code from an untrusted URI.
SolutionApply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1.