VMware Products Tools Remote Code Execution Vulnerabilies (win) Network Vulnerability

Summary

The host is installed with VMWare products and are prone to remote code execution vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary code. Impact Level: System/Application

Solution

For Upgrades refer the below link, http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Insight

The flaw is due to error in 'tools' which does not properly access libraries. This allows attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.

Affected

VMware ACE 2.5.x before 2.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, VMware Workstation 6.5.x before 6.5.4 build 246459

References

http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://secunia.com/advisories/39198
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1141, CVE-2010-1142
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)
Adobe Acrobat Multiple Vulnerabilities - Windows
Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)

Take action and discover your vulnerabilities