VMware Products USB Service Local Privilege Escalation Vulnerability (Win) Network Vulnerability

Summary

The host is installed with VMWare products and are prone to local privilege escalation vulnerability.

Impact

Successful exploitation will allow attacker to modify arbitrary memory locations in guest kernel memory and gain privileges. Impact Level: System/Application

Solution

Upgrade to Vmware Player 3.0.1 build 227600, http://www.vmware.com/products/player/ upgrade VMware Workstation 7.0.1 build 227600, http://www.vmware.com/products/ws/

Insight

The flaw is due to error in 'USB' service which allows host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.

Affected

Vmware Player 3.0 before 3.0.1 build 227600, VMware Workstation 7.0 before 7.0.1 build 227600 ion windows.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://secunia.com/advisories/39206

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1140
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
Adobe Reader Multiple Vulnerabilities - Aug07 (Linux)
Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Apple Safari 'SRC' Remote Denial Of Service Vulnerability

Take action and discover your vulnerabilities