VMware Products Security Bypass Vulnerability (Win) -Sep10 Network Vulnerability

Summary

The host is installed with VMWare product(s) which are vulnerable to security bypass vulnerability.

Impact

Successful exploitation allows attackers to display a malicious file if they manage to get their file onto the system prior to installation. Impact Level: Application

Solution

Upgrade to player 3.1.2 build 301548 http://www.vmware.com/products/player/ Upgrade VMware Workstation 7.1.2 build 301548 http://www.vmware.com/download/ace/

Insight

The vulnerability is due to an error in the 'installer', which will load an 'index.htm' file located in the current working directory.

Affected

VMware Player 3.0 before 3.1.2 build 301548 VMware Workstation 7.0 before 7.1.2 build 301548 on Windows.

References

http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/41574
http://securitytracker.com/alerts/2010/Sep/1024481.html
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/2491

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3277

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Gravity Board X Detection
DNS AXFR
Host Scan End
iDB Detection
Amarok Player Version Detection (Linux)

Take action and discover your vulnerabilities