Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability announce CVE-2012-1516 CVE-2012-1517 CVE-2012-2448

VMware: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in VMware products can be used by an attacker to elevate his privileges, by executing code.
Impacted products: ESX, ESXi, VMware Player, VMware vSphere Hypervisor, VMware Workstation.
Severity: 3/4.
Creation date: 04/05/2012.
Identifiers: BID-53369, BID-53371, CERTA-2012-AVI-249, CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450, ESX350-201205401-SG, ESX400-201205001, ESX400-201205401-SG, ESX410-201205001, ESX410-201205401-SG, ESXe350-201205401-I-SG, ESXe350-201205401-O-SG, ESXi400-201205001, ESXi400-201205401-SG, ESXi410-201205001, ESXi410-201205401-SG, ESXi500-201205001, ESXi500-201205401-SG, VIGILANCE-VUL-11577, VMSA-2012-0009, VMSA-2012-0009.1, VMSA-2012-0009.2, VMSA-2012-0011.

Description of the vulnerability

Several vulnerabilities were announced in VMware products.

An attacker, who is located in a guest system, can use a RPC command with malicious data pointers, to corrupt the memory of the host system, in order to execute code. [severity:2/4; CERTA-2012-AVI-249, CVE-2012-1516]

An attacker, who is located in a guest system, can use a RPC command with malicious function pointers, to corrupt the memory of the host system, in order to execute code. [severity:2/4; CVE-2012-1517]

A network attacker can use malicious NFS data, in order to corrupt the memory. [severity:3/4; BID-53371, CVE-2012-2448]

An attacker, who is located in a guest system with administrator privileges, can use the virtual floppy drive, to corrupt the memory of the host system, in order to execute code. [severity:1/4; CVE-2012-2449]

An attacker, who is located in a guest system with administrator privileges, can use a SCSI device, to corrupt the memory of the host system, in order to execute code. [severity:1/4; CVE-2012-2450]

Several vulnerabilities in VMware products can therefore be used by an attacker to elevate his privileges, by executing code.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities workaround. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.



















Copyright 1999-2013 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française