Summary
The host is installed with VMWare product(s) that are vulnerable to multiple buffer overflow.
Impact
Successful exploitation allow attackers to execute arbitrary code on the affected system and local user can obtain elevated privileges on the target system.
Successful exploitation requires that the vix.inGuest.enable configuration value is enabled.
Impact Level : System
Solution
Upgrade VMware Product(s) to below version,
VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later www.vmware.com/download/player/
VMware Server 1.0.6 build 91891 or later
www.vmware.com/download/server/
VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later www.vmware.com/download/ws/
VMware ACE 2.0.4 build 93057
http://www.vmware.com/download/ace/
Insight
VMware VIX API (Application Program Interface) fails to adequately bounds check user supplied input before copying it to insufficient size buffer.
Affected
VMware Player 1.x - before 1.0.7 build 91707 on Windows VMware Player 2.x - before 2.0.4 build 93057 on Windows VMware Server 1.x - before 1.0.6 build 91891 on Windows VMware Workstation 5.x - before 5.5.7 build 91707 on Windows VMware Workstation 6.x - before 6.0.4 build 93057 on Windows VMware ACE 2.x - before 2.0.4 build 93057 on Windows
References
Severity
Classification
-
CVE CVE-2008-2100 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
- ALLMediaServer Request Handling Buffer Overflow Vulnerability
- Beatport Player '.m3u' File Buffer Overflow Vulnerability
- Cscope putstring Multiple Buffer Overflow vulnerability