Summary
The host is installed with VMWare products and are prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attacker to disclose potentially sensitive information.
Impact Level: System/Application
Solution
For Upgrades refer the below link,
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Insight
The flaw is due to error in 'virtual networking stack' when interacting between the guest OS and host 'vmware-vmx' process, which allows attackers to obtain sensitive information from memory on the host OS by examining received network packets.
Affected
VMware Server 2.x,
Vmware Player 3.0 before 3.0.1 build 227600,
VMware Player 2.5.x before 2.5.4 build 246459,
VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 and VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459
References
Severity
Classification
-
CVE CVE-2010-1138 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat XML External Entity Information Disclosure Vulnerability
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Windows)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)