VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Win) Network Vulnerability

Summary

The host is installed with VMWare product(s) that are vulnerable to privilege escalation vulnerability.

Impact

Successful exploitation allow attackers to execute arbitrary code on the affected system and users could bypass certain security restrictions or can gain escalated privileges. Impact Level : System

Solution

Upgrade VMware latest versions, www.vmware.com/download/ws/ www.vmware.com/download/ace/ www.vmware.com/download/player/ www.vmware.com/download/server/

Insight

The issue is due to an error in the CPU hardware emulation while handling the trap flag.

Affected

VMware Server 1.x - 1.0.7 on Windows VMware ACE 1.x - 1.0.7 and 2.x - 2.0.5 on Windows VMware Player 1.x - 1.0.8 and 2.x - 2.0.5 on Windows VMware Workstation 6.0.5 and earlier on all Windows

References

http://www.frsirt.com/english/advisories/2008/3052
http://www.vmware.com/security/advisories/VMSA-2008-0018.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4915, CVE-2008-4917
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)

Take action and discover your vulnerabilities