Summary
VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.
Solution
Apply the missing patch(es).
Insight
a. Guest privilege escalation in VMware Tools
A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system.
The vulnerability does not allow for privilege escalation from the guest operating system to the host. This means that host memory cannot be manipulated from the guest operating system.
Affected
ESXi 5.5 without patch ESXi550-201403102-SG
ESXi 5.1 without patch ESXi510-201404102-SG
ESXi 5.0 without patch ESXi500-201405102-SG
Detection
Check the build number.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3793
CVSS Base Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Apache Tomcat Remote Code Execution Vulnerability - Sep14