VMware Player 12.1.x < 12.1.1 Shared Folders (HGFS) Guest DLL Hijacking Arbitrary Code Execution (VMSA-2016-0010)

high Nessus Plugin ID 92945

Synopsis

A virtualization application installed on the remote host is affected by an arbitrary code execution vulnerability.

Description

The version of VMware Player installed on the remote host is 12.1.x prior to 12.1.1. It is, therefore, affected by an arbitrary code execution vulnerability in the Shared Folders (HGFS) feature due to improper loading of dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability by placing a malicious DLL in the path, or by convincing a user to open a file on a network share, to inject and execute arbitrary code in the context of the current user.

Solution

Upgrade to VMware Player 12.1.1 or later.

Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability.

See Also

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

Plugin Details

Severity: High

ID: 92945

File Name: vmware_player_win_vmsa_2016_0010.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 8/12/2016

Updated: 11/14/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-5330

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:player

Required KB Items: SMB/Registry/Enumerated, installed_sw/VMware Player

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/4/2016

Vulnerability Publication Date: 8/4/2016

Exploitable With

Metasploit (DLL Side Loading Vulnerability in VMware Host Guest Client Redirector)

Reference Information

CVE: CVE-2016-5330

BID: 92323

VMSA: 2016-0010