Summary
The host is installed with VMWare product(s) which are vulnerable to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to gain privileges on the guest OS.
Impact Level: Application
Solution
Apply the patch or upgrade to player 3.1.4 or later, http://www.vmware.com/products/player/
http://downloads.vmware.com/d/info/desktop_downloads/vmware_player/3_0
Apply the patch or upgrade to VMware Workstation 7.1.4 or later, http://downloads.vmware.com/d/info/desktop_downloads/vmware_workstation/7_0
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Insight
Multiple flaws are due to,
- An information disclosure vulnerability in 'Mount.vmhgfs', allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.
- A race condition privilege escalation in 'Mount.vmhgfs' via a race condition, that allows guest OS users to gain privileges on the guest OS by mounting a file system on top of an arbitrary directory.
Affected
VMware Player 3.1.x before 3.1.4
VMware Workstation 7.1.x before 7.1.4 on Windows.
References
Severity
Classification
-
CVE CVE-2011-1787, CVE-2011-2146 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Flash Media Server Video Stream Capture Security Issue
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
- CA Gateway Security Remote Code Execution Vulnerability
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability