Summary
VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.
Solution
Apply the missing patch(es).
Insight
a. Guest privilege escalation in VMware Tools
A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system.
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory cannot be manipulated from the Guest Operating System.
Affected
ESXi 5.5 without patch ESXi550-201403102-SG
ESXi 5.1 without patch ESXi510-201404102-SG
ESXi 5.0 without patch ESXi500-201405102-SG
Detection
Check the build number.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-3793
CVSS Base Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P