Detections
Analytics
VMware Products Multiple Vulnerabilities (VMSA-2010-0018)
high Nessus Plugin ID 51057
Language:
Synopsis
The remote host has a virtualization application affected by multiple vulnerabilities.Description
A VMware product (Player, Workstation, Server, or Movie Decoder) detected on the remote host has one or more of the following vulnerabilities :- A vulnerability in VMware Tools update could allow arbitrary code execution on non-Windows based guest operating systems with root privileges. (CVE-2010-4297)
- A vulnerability in VMware VMnc Codec could allow arbitrary code execution subject to the privileges of the user running the application using the vulnerable codec. (CVE-2010-4294)
In addition to patching, VMware Tools must be manually updated on all guest VMs in order to completely mitigate certain vulnerabilities. Refer to the VMware advisory for more information.
Solution
Upgrade to :- VMware Workstation 6.5.5 / 7.1.2 or later.
- VMware Player 2.5.5 / 3.1.2 or later.
- VMware Movie Decoder (standalone) 6.5.5/7.1.2 or later.
See Also
https://www.vmware.com/security/advisories/VMSA-2010-0018.html
http://dvlabs.tippingpoint.com/advisory/TPTI-10-16
http://lists.vmware.com/pipermail/security-announce/2010/000112.html
Plugin Details
Severity: High
ID: 51057
File Name: vmware_multiple_vmsa_2010_0018.nasl
Version: 1.13
Type: local
Agent: windows
Family: Windows
Published: 12/7/2010
Updated: 3/27/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.8
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2010-4294
Vulnerability Information
CPE: cpe:/a:vmware:vmware_player, cpe:/a:vmware:vmware_server, cpe:/a:vmware:vmware_workstation
Required KB Items: SMB/Registry/Enumerated
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/2/2010
Vulnerability Publication Date: 12/2/2010
Reference Information
CVE: CVE-2010-4294, CVE-2010-4297