VMware patches several vulnerabilities, including a high-risk SVGA code execution flaw

2017-09-20T00:00:00
ID MYHACK58:62201789401
Type myhack58
Reporter Anonymous
Modified 2017-09-20T00:00:00

Description

VMware this week released patches for several vulnerabilities, one of them critical, affecting ESXi, vCenter Server, Workstation and Fusion.

The critical vulnerability is CVE-2017-4924, an out-of-bounds write in the SVGA device. SVGA is the legacy virtual graphics device implemented by VMware's virtualization products. VMware says the vulnerability could allow an attacker to execute code on the host from a guest virtual machine. On June 22, Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG reported the vulnerability to VMware through ZDI. The ZDI advisory notes that an attacker must first be able to execute low-privileged code on the guest in order to exploit it.

"The flaw exists within the Shader implementation," the ZDI advisory says. "The issue results from the lack of proper validation of user-supplied data, which can result in data being written past the bounds of a buffer. An attacker can then use this together with other vulnerabilities to execute code on the host operating system."

Although VMware rated the vulnerability critical, ZDI gave it a CVSS score of 6.2, which makes it medium risk. ESXi 6.5, Workstation 12.x and Fusion 8.x on OS X are affected.

The second vulnerability announced this week, rated medium risk, is CVE-2017-4925, discovered by Zhang Haitao. He found that ESXi, Workstation and Fusion contain a NULL pointer dereference in the handling of guest RPC requests. An attacker with only normal user privileges can exploit it to crash the virtual machine. This vulnerability affects ESXi 5.5, 6.0 and 6.5, Workstation 12.x and Fusion 8.x on OS X.

The third vulnerability, also rated medium risk, is CVE-2017-4926, discovered by Thomas Ornetzeder. Ornetzeder found a stored cross-site scripting (XSS) vulnerability in the H5 client of vCenter Server 6.5. An attacker with VC user privileges can inject malicious JavaScript code into a web page, and that code may be executed when other users visit the page.