Summary
The host has VMware product(s) installed that are affected by multiple vulnerabilities.
Impact
Successful exploitation allows attackers to gain privileges on the guest OS.
Impact Level: Application
Solution
Apply the patch or upgrade to VMware Player 3.1.4 or later:
http://www.vmware.com/products/player/
http://downloads.vmware.com/d/info/desktop_downloads/vmware_player/3_0
Apply the patch or upgrade to VMware Workstation 7.1.4 or later:
http://downloads.vmware.com/d/info/desktop_downloads/vmware_workstation/7_0
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaws are due to:
- An information disclosure vulnerability in 'Mount.vmhgfs' that allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.
- A race condition in 'Mount.vmhgfs' that allows guest OS users to gain privileges on the guest OS by mounting a file system on top of an arbitrary directory.
Affected
VMware Player 3.1.x before 3.1.4
VMware Workstation 7.1.x before 7.1.4 on Windows.
References
Severity
Classification
CVE: CVE-2011-1787, CVE-2011-2146
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C