VMware Multiple Products Local Privilege Escalation Vulnerability

Bugtraq ID:	53006
Class:	Input Validation Error
CVE:	CVE-2012-1518
Remote:	No
Local:	Yes
Published:	Apr 12 2012 12:00AM
Updated:	Apr 12 2012 12:00AM
Credit:	Tavis Ormandy
Vulnerable:	VMWare Workstation 8.0.1 VMWare Player 4.0.1 VMWare Fusion 4.1.1 VMWare ESXi 5.0 VMWare ESXi 4.1 VMWare ESXi 4.0 VMWare ESXi 3.5 VMWare ESX 4.1 VMWare ESX 4.0 VMWare ESX 3.5
Not Vulnerable:	VMWare Workstation 8.0.2 VMWare Player 4.0.2 VMWare Fusion 4.1.2

VMware Multiple Products Local Privilege Escalation Vulnerability

Multiple VMware products are prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with elevated privileges on Windows-based guest operating systems.

VMware Multiple Products Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

VMware Multiple Products Local Privilege Escalation Vulnerability

Solution:
The vendor has released an advisory and patches. Please see the references for more information.

VMware Multiple Products Local Privilege Escalation Vulnerability

References:

• VMware Homepage (VMware)