BID:53369

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities

Info

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities

Bugtraq ID:	53369
Class:	Boundary Condition Error
CVE:	CVE-2012-1516 CVE-2012-1517 CVE-2012-2449 CVE-2012-2450
Remote:	No
Local:	Yes
Published:	May 03 2012 12:00AM
Updated:	Aug 17 2012 07:30PM
Credit:	The vendor
Vulnerable:	VMWare Workstation 8.0.2 VMWare Workstation 8.0.1 VMWare Player 4.0.2 VMWare Player 4.0.1 VMWare Fusion 4.1.2 VMWare Fusion 4.1.1 VMWare ESXi 5.0 VMWare ESXi 4.1 VMWare ESXi 4.0 VMWare ESXi 3.5 VMWare ESX 4.1 VMWare ESX 4.0 VMWare ESX 3.5

Not Vulnerable:

Discussion

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities

Multiple VMware products are prone to multiple privilege-escalation vulnerabilities.

Local attackers can exploit these issues to execute arbitrary code with elevated privileges or cause denial-of-service conditions.

Exploit / POC

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Solution / Fix

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

References

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities

References:

VMware Homepage (VMware)
VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Br (Derek Soeder)