VMware Products Security Bypass Vulnerability (Win) -Sep10 Network Vulnerability

Summary

The host is installed with VMWare product(s) which are vulnerable to security bypass vulnerability.

Impact

Successful exploitation allows attackers to display a malicious file if they manage to get their file onto the system prior to installation. Impact Level: Application

Solution

Upgrade to player 3.1.2 build 301548 http://www.vmware.com/products/player/ Upgrade VMware Workstation 7.1.2 build 301548 http://www.vmware.com/download/ace/

Insight

The vulnerability is due to an error in the 'installer', which will load an 'index.htm' file located in the current working directory.

Affected

VMware Player 3.0 before 3.1.2 build 301548 VMware Workstation 7.0 before 7.1.2 build 301548 on Windows.

References

http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/41574
http://securitytracker.com/alerts/2010/Sep/1024481.html
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/2491

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3277
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Misc information on News server
Evolution Mail Client Information Disclosure Vulnerability
FTP Banner Detection
FoxMail Version Detection
Becky Internet Mail Version Detection

Take action and discover your vulnerabilities