VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Win) Network Vulnerability

Summary

The host is installed with VMWare product(s) that are vulnerable to privilege escalation vulnerability.

Impact

Successful exploitation allow attackers to execute arbitrary code on the affected system and users could bypass certain security restrictions or can gain escalated privileges. Impact Level : System

Solution

Upgrade VMware latest versions, www.vmware.com/download/ws/ www.vmware.com/download/ace/ www.vmware.com/download/player/ www.vmware.com/download/server/

Insight

The issue is due to an error in the CPU hardware emulation while handling the trap flag.

Affected

VMware Server 1.x - 1.0.7 on Windows VMware ACE 1.x - 1.0.7 and 2.x - 2.0.5 on Windows VMware Player 1.x - 1.0.8 and 2.x - 2.0.5 on Windows VMware Workstation 6.0.5 and earlier on all Windows

References

http://www.frsirt.com/english/advisories/2008/3052
http://www.vmware.com/security/advisories/VMSA-2008-0018.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4915, CVE-2008-4917

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe Acrobat Remote Code Execution Vulnerability(Win)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X

Take action and discover your vulnerabilities