Summary
VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.
Solution
Apply the missing patch(es).
Insight
a. Guest privilege escalation in VMware Tools
A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system.
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System.
Affected
ESXi 5.5 without patch ESXi550-201403102-SG
ESXi 5.1 without patch ESXi510-201404102-SG
ESXi 5.0 without patch ESXi500-201405102-SG
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-3793 -
CVSS Base Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2012-0018: VMware security updates for vCSA and ESXi
- VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
- VMSA-2013-0011 VMware ESX and ESXi updates to third party libraries
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX