The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VMware Player

vulnerability CVE-2016-2077

VMware Player, Workstation: privilege escalation

Synthesis of the vulnerability

An attacker on a Windows host system can use VMware Player or Workstation, in order to escalate his privileges.
Impacted products: VMware Player, VMware Workstation.
Severity: 2/4.
Creation date: 17/05/2016.
Identifiers: CERTFR-2016-AVI-175, CVE-2016-2077, VIGILANCE-VUL-19620, VMSA-2016-0005, VMSA-2016-0005.1, VMSA-2016-0005.2, VMSA-2016-0005.3, VMSA-2016-0005.4.

Description of the vulnerability

The VMware Player or Workstation product can be installed on Windows.

However, tools on the host system do not use the full path to executable programs.

An attacker on a Windows host system can therefore use VMware Player or Workstation, in order to escalate his privileges.

vulnerability note CVE-2015-6933

VMware ESXi, Player, Workstation: memory corruption via HGFS

Synthesis of the vulnerability

An attacker can generate a memory corruption in HGFS of VMware ESXi, Player or Workstation, in order to trigger a denial of service, and possibly to run privileged code on Windows.
Impacted products: ESXi, VMware Player, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Creation date: 08/01/2016.
Identifiers: CERTFR-2016-AVI-005, CVE-2015-6933, VIGILANCE-VUL-18664, VMSA-2016-0001.

Description of the vulnerability

The VMware ESXi, Player and Workstation products offer VMware Tools, which run inside the guest system.

However, an attacker in a Windows guest system can trigger a memory corruption in the "Shared Folders" (HGFS) feature, in order to escalate his privileges in the guest system.

An attacker can therefore generate a memory corruption in HGFS of VMware ESXi, Player or Workstation, in order to trigger a denial of service, and possibly to run privileged code on Windows.

computer vulnerability note CVE-2015-3650

VMware Workstation and Player on MS-Windows: privilege escalation via missing ACLs

Synthesis of the vulnerability

An attacker can take advantage of missing ACLs in VMware Workstation, in order to escalate his privileges.
Impacted products: VMware Player, VMware Workstation.
Severity: 2/4.
Creation date: 10/07/2015.
Identifiers: CERTFR-2015-AVI-287, CVE-2015-3650, VIGILANCE-VUL-17339, VMSA-2015-0005.

Description of the vulnerability

The VMware Workstation product is a virtualization tool.

A virtual machine is, as far as the Windows kernel knows, an ordinary process. However, one of the programs of the virtualization layer does not define permissions where it should. This allows an attacker to inject code into one of these processes, which typically run with high privileges.

An attacker can therefore take advantage of missing ACLs in VMware Workstation, in order to escalate his privileges.

computer vulnerability alert CVE-2014-8370 CVE-2015-1043 CVE-2015-1044

VMware ESXi, Player, Workstation: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi, Player, Workstation.
Impacted products: ESXi, VMware Player, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Creation date: 28/01/2015.
Identifiers: CERTFR-2015-AVI-044, CVE-2014-8370, CVE-2015-1043, CVE-2015-1044, ESXi500-201405001, ESXi500-201405101-SG, ESXi500-201405102-SG, ESXi510-201404001, ESXi510-201404101-SG, ESXi510-201404102-SG, ESXi550-201501001, ESXi550-201501101-SG, VIGILANCE-VUL-16066, VMSA-2014-0002.2, VMSA-2014-0002.3, VMSA-2015-0001, ZDI-15-031.

Description of the vulnerability

Several vulnerabilities were announced in VMware ESXi, Player, Workstation.

An attacker can create a file in the host system, in order to escalate his privileges. [severity:2/4; CVE-2014-8370]

An attacker can manipulate the HGFS (Host Guest File System), in order to trigger a denial of service. [severity:1/4; CVE-2015-1043]

An attacker can use vmware-authd, in order to trigger a denial of service on the host system. [severity:2/4; CVE-2015-1044, ZDI-15-031]

vulnerability bulletin CVE-2014-3793

VMware Workstation, Player, ESXi: privilege escalation via VMware Tools for Windows 8.1

Synthesis of the vulnerability

A local attacker can use the VMware Tools for Windows 8.1 of VMware Workstation, Player, or ESXi, in order to escalate his privileges.
Impacted products: ESXi, VMware Player, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Creation date: 30/05/2014.
Identifiers: CERTFR-2014-AVI-117, CERTFR-2014-AVI-247, CVE-2014-3793, ESXi500-201405001, ESXi500-201405101-SG, ESXi500-201405102-SG, ESXi510-201404001, ESXi510-201404101-SG, ESXi510-201404102-SG, ESXi550-201403101-SG, VIGILANCE-VUL-14823, VMSA-2014-0002, VMSA-2014-0002.2, VMSA-2014-0002.3, VMSA-2014-0004.3, VMSA-2014-0005, VMSA-2015-0001.

Description of the vulnerability

The VMware Workstation, Player or ESXi product offers VMware Tools.

However, on Microsoft Windows 8.1, a local attacker can use the VMware Tools to escalate his privileges in the guest system.

A local attacker can therefore use the VMware Tools for Windows 8.1 of VMware Workstation, Player, or ESXi, in order to escalate his privileges.

vulnerability announcement CVE-2014-2384

VMware WorkStation, Player: NULL pointer dereference via vmx86.sys

Synthesis of the vulnerability

An attacker can dereference a NULL pointer in vmx86.sys of VMware WorkStation or Player, in order to trigger a denial of service.
Impacted products: VMware Player, VMware Workstation.
Severity: 1/4.
Creation date: 11/04/2014.
Identifiers: CVE-2014-2384, VIGILANCE-VUL-14582.

Description of the vulnerability

The VMware WorkStation and Player products install the vmx86.sys driver.

However, it does not check if a pointer is NULL, before using it.

An attacker can therefore dereference a NULL pointer in vmx86.sys of VMware WorkStation or Player, in order to trigger a denial of service.

vulnerability note CVE-2014-0160

OpenSSL: information disclosure via Heartbeat

Synthesis of the vulnerability

An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Impacted products: Tomcat, ArubaOS, i-Suite, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, ARCserve Backup, ASA, Cisco Catalyst, IOS XE Cisco, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Unity ~ precise, XenDesktop, MIMEsweeper, Clearswift Email Gateway, Clearswift Web Gateway, Debian, ECC, PowerPath, ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, HP Diagnostics, LoadRunner, Performance Center, AIX, WebSphere MQ, WS_FTP Server, IVE OS, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SA, Juniper UAC, LibreOffice, MBS, McAfee Email Gateway, ePO, GroupShield, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows 8, Windows RT, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, Opera, Solaris, pfSense, HDX, RealPresence Collaboration Server, Polycom VBP, Puppet, RHEL, RSA Authentication Manager, SIMATIC, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, ASE, OfficeScan, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware Player, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Creation date: 08/04/2014.
Identifiers: 1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951.

Description of the vulnerability

The Heartbeat extension of TLS (RFC 6520) provides a keep-alive feature, without performing a renegotiation. It exchanges random data in a payload.

Version 1.0.1 of OpenSSL implements Heartbeat, which is enabled by default. The [d]tls1_process_heartbeat() function manages Heartbeat messages. However, it does not check the size of random data, and continues to read after the end of the payload, and then sends the full memory area (up to 64kb) to the peer (client or server).

An attacker can therefore use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.

computer vulnerability CVE-2014-1208

VMware: denial of service via VMX

Synthesis of the vulnerability

A local attacker can use an invalid port, in order to trigger a denial of service on the VMX process of VMware products.
Impacted products: ESX, ESXi, VMware Player, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Creation date: 17/01/2014.
Identifiers: BID-64994, CERTA-2013-AVI-657, CERTFR-2014-AVI-036, CVE-2014-1208, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, ESXi400-201310001, ESXi400-201310401-SG, ESXi410-201312001, ESXi410-201312401-SG, ESXi500-201310101-SG, ESXi510-201401101-SG, VIGILANCE-VUL-14105, VMSA-2013-0007.1, VMSA-2013-0009.2, VMSA-2013-0009.3, VMSA-2013-0015, VMSA-2014-0001.

Description of the vulnerability

The VMX process is used to manage virtual machines.

However, an attacker located in a guest system can use an invalid port, in order to stop the VMX process. Technical details are unknown.

A local attacker can therefore use an invalid port, in order to trigger a denial of service on the VMX process of VMware products.

computer vulnerability announcement CVE-2013-3519

VMware ESX, Player, Workstation: privilege escalation via lgtosync.sys

Synthesis of the vulnerability

A local attacker can corrupt the memory of lgtosync.sys of VMware ESX, Player and Workstation, in order to escalate his privileges.
Impacted products: ESX, ESXi, VMware Player, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Creation date: 04/12/2013.
Identifiers: BID-64075, CERTA-2013-AVI-208, CERTA-2013-AVI-652, CVE-2013-3519, ESX400-201305001, ESX400-201305401-SG, ESX410-201301001, ESX410-201301401-SG, ESX410-201301402-SG, ESX410-201301403-SG, ESX410-201301405-SG, ESXi400-201305001, ESXi400-201305401-SG, ESXi410-201301001, ESXi410-201301401-SG, ESXi410-201301402-SG, ESXi500-201303001, ESXi500-201303101-SG, ESXi500-201303102-SG, VIGILANCE-VUL-13867, VMSA-2013-0001, VMSA-2013-0001.3, VMSA-2013-0003, VMSA-2013-0004, VMSA-2013-0013, VMSA-2013-0014.

Description of the vulnerability

The VMware ESX, Player and Workstation products install the lgtosync.sys driver on Windows guest systems.

However, an attacker in the guest system can corrupt the memory of this driver, in order to execute code with system privileges in the guest system.

A local attacker can therefore corrupt the memory of lgtosync.sys of VMware ESX, Player and Workstation, in order to escalate his privileges.

vulnerability bulletin CVE-2013-5972

VMware Player, Workstation: privilege escalation via Linux

Synthesis of the vulnerability

A local attacker, on a Linux host system, can escalate his privileges via VMware Player or Workstation.
Impacted products: VMware Player, VMware Workstation.
Severity: 2/4.
Creation date: 15/11/2013.
Identifiers: BID-63739, CERTA-2013-AVI-641, CVE-2013-5972, VIGILANCE-VUL-13783, VMSA-2013-0013.

Description of the vulnerability

The VMware Workstation and VMware Player products can be installed on Linux. In this case, they use a shared library.

However, an attacker located on the host system can use a vulnerability in the handling of this library, in order to execute code with root privileges.

A local attacker, on a Linux host system, can therefore escalate his privileges via VMware Player or Workstation.