Summary
The host is installed with VMWare products and are prone to local privilege escalation vulnerability.
Impact
Successful exploitation will allow attacker to modify arbitrary memory locations in guest kernel memory and gain privileges.
Impact Level: System/Application
Solution
Upgrade to Vmware Player 3.0.1 build 227600,
http://www.vmware.com/products/player/
upgrade VMware Workstation 7.0.1 build 227600,
http://www.vmware.com/products/ws/
Insight
The flaw is due to error in 'USB' service which allows host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.
Affected
Vmware Player 3.0 before 3.0.1 build 227600,
VMware Workstation 7.0 before 7.0.1 build 227600 ion windows.
References
Severity
Classification
-
CVE CVE-2010-1140 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)